CVE-2017-0377CVE-2017-0377

Affected configuration(s):

cpe:/a:torproject:tor:0.3.0.1:alpha
cpe:/a:torproject:tor:0.3.0.2:alpha
cpe:/a:torproject:tor:0.3.0.3:alpha
cpe:/a:torproject:tor:0.3.0.4
cpe:/a:torproject:tor:0.3.0.5
cpe:/a:torproject:tor:0.3.0.6
cpe:/a:torproject:tor:0.3.0.7
cpe:/a:torproject:tor:0.3.0.8

Date published: 2017-07-02T11:29:00.187-04:00

Date last modified: 2017-07-14T10:21:16.720-04:00

CVSS Score: 5.0

Principal attack vector: NETWORK

Complexity:  LOW

Reference URL: https://blog.torproject.org/blog/tor-0309-released-security-update-clients

Summary: Tor 0.3.x before 0.3.0.9 has a guard-selection algorithm that only considers the exit relay (not the exit relay’s family), which might allow remote attackers to defeat intended anonymity properties by leveraging the existence of large families.

CategoriesUncategorised

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.