6.3
CVE-2025-4444
- EPSS 0.44%
- Veröffentlicht 18.09.2025 13:58:52
- Zuletzt bearbeitet 15.04.2026 00:35:42
- Quelle cna@vuldb.com
- CVE-Watchlists
- Unerledigt
Tor Onion Service Descriptor resource consumption
A security flaw has been discovered in Tor up to 0.4.7.16/0.4.8.17. Impacted is an unknown function of the component Onion Service Descriptor Handler. Performing manipulation results in resource consumption. The attack may be initiated remotely. The attack's complexity is rated as high. The exploitability is considered difficult. Upgrading to version 0.4.8.18 and 0.4.9.3-alpha is recommended to address this issue. It is recommended to upgrade the affected component.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
Herstellern/a
≫
Produkt
Tor
Version
0.4.7.0
Status
affected
Version
0.4.7.1
Status
affected
Version
0.4.7.2
Status
affected
Version
0.4.7.3
Status
affected
Version
0.4.7.4
Status
affected
Version
0.4.7.5
Status
affected
Version
0.4.7.6
Status
affected
Version
0.4.7.7
Status
affected
Version
0.4.7.8
Status
affected
Version
0.4.7.9
Status
affected
Version
0.4.7.10
Status
affected
Version
0.4.7.11
Status
affected
Version
0.4.7.12
Status
affected
Version
0.4.7.13
Status
affected
Version
0.4.7.14
Status
affected
Version
0.4.7.15
Status
affected
Version
0.4.7.16
Status
affected
Version
0.4.8.0
Status
affected
Version
0.4.8.1
Status
affected
Version
0.4.8.2
Status
affected
Version
0.4.8.3
Status
affected
Version
0.4.8.4
Status
affected
Version
0.4.8.5
Status
affected
Version
0.4.8.6
Status
affected
Version
0.4.8.7
Status
affected
Version
0.4.8.8
Status
affected
Version
0.4.8.9
Status
affected
Version
0.4.8.10
Status
affected
Version
0.4.8.11
Status
affected
Version
0.4.8.12
Status
affected
Version
0.4.8.13
Status
affected
Version
0.4.8.14
Status
affected
Version
0.4.8.15
Status
affected
Version
0.4.8.16
Status
affected
Version
0.4.8.17
Status
affected
Version
0.4.8.18
Status
unaffected
Version
0.4.9.3-alpha
Status
unaffected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.44% | 0.348 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| cna@vuldb.com | 6.3 | 0 | 0 |
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
| cna@vuldb.com | 3.7 | 2.2 | 1.4 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
|
| cna@vuldb.com | 2.6 | 4.9 | 2.9 |
AV:N/AC:H/Au:N/C:N/I:N/A:P
|
CWE-400 Uncontrolled Resource Consumption
The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.
CWE-404 Improper Resource Shutdown or Release
The product does not release or incorrectly releases a resource before it is made available for re-use.
https://vuldb.com/?id.324814
https://vuldb.com/?ctiid.324814
https://vuldb.com/?submit.640605
https://github.com/chunmianwang/Tordos
https://gitlab.torproject.org/tpo/core/tor/-/raw/release-0.4.8/ReleaseNotes
https://forum.torproject.org/t/alpha-and-stable-release-0-4-8-18-and-0-4-9-3-alpha/20578