CVE-2026-44601

EPSS 0.06%
Veröffentlicht 07.05.2026 04:16:35
Zuletzt bearbeitet 08.05.2026 17:07:19
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Tor before 0.4.9.7, when circuit queue memory pressure exists, can experience a client crash because of a double close of a circuit, aka TROVE-2026-009.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 7

NVD 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Torproject ≫ Tor Version < 0.4.9.7

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.06%	0.171

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
cve@mitre.org	3.7	2.2	1.4	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-837 Improper Enforcement of a Single, Unique Action

The product requires that an actor should only be able to perform an action once, or to have only one unique action, but the product does not enforce or improperly enforces this restriction.

https://forum.torproject.org/c/news/tor-release-announcement/28

Release Notes

https://www.openwall.com/lists/oss-security/2026/05/06/8

Mailing List

Release Notes

https://gitlab.torproject.org/tpo/core/tor/-/commit/d4e3f6a440b58c2be661decf20c09548704907dc

Patch

https://gitlab.torproject.org/tpo/core/tor/-/work_items/41237

Not Applicable

https://nvd.nist.gov/vuln/detail/CVE-2026-44601

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-44601

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-44601

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-44601