CVE-2021-46702
Summary
| CVE | CVE-2021-46702 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-02-26 03:15:00 UTC |
| Updated | 2022-03-10 16:50:00 UTC |
| Description | Tor Browser 9.0.7 on Windows 10 build 10586 is vulnerable to information disclosure. This could allow local attackers to bypass the intended anonymity feature and obtain information regarding the onion services visited by a local user. This can be accomplished by analyzing RAM memory even several hours after the local user used the product. This occurs because the product doesn't properly free memory. |
Risk And Classification
Problem Types: CWE-404
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Microsoft | Windows | - | All | All | All |
| Application | Torproject | Tor | 9.0.7 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Tor forensics: Proposed workflow for client memory artefacts - ScienceDirect | MISC | www.sciencedirect.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.