Known Vulnerabilities for Tor by Torproject
Listed below are 10 of the newest known vulnerabilities associated with "Tor" by "Torproject".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2021-38385 | Tor before 0.3.5.16, 0.4.5.10, and 0.4.6.7 mishandles the relationship between batch-signature verification and single-signat... | 7.5 - HIGH | 2021-08-30 | 2023-05-03 |
| CVE-2021-34550 | An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-006. The v3 onion service descriptor parsing allows out-of-boun... | 7.5 - HIGH | 2021-06-29 | 2021-09-20 |
| CVE-2021-34549 | An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-005. Hashing is mishandled for certain retrieval of circuit dat... | 7.5 - HIGH | 2021-06-29 | 2022-07-12 |
| CVE-2021-34548 | An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-003. An attacker can forge RELAY_END or RELAY_RESOLVED to bypas... | 7.5 - HIGH | 2021-06-29 | 2023-08-08 |
| CVE-2021-28090 | Tor before 0.4.5.7 allows a remote attacker to cause Tor directory authorities to exit with an assertion failure, aka TROVE-2... | 5.3 - MEDIUM | 2021-03-19 | 2023-11-07 |
| CVE-2021-28089 | Tor before 0.4.5.7 allows a remote participant in the Tor directory protocol to exhaust CPU resources on a target, aka TROVE-... | 7.5 - HIGH | 2021-03-19 | 2023-11-07 |
| CVE-2020-15572 | Tor before 0.4.3.6 has an out-of-bounds memory access that allows a remote denial-of-service (crash) attack against Tor insta... | 7.5 - HIGH | 2020-07-15 | 2021-07-21 |
| CVE-2020-10593 | Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 allows remote attackers to cause a Denial of Service (m... | 7.5 - HIGH | 2020-03-23 | 2023-02-03 |
| CVE-2020-10592 | Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 allows remote attackers to cause a Denial of Service (C... | 7.5 - HIGH | 2020-03-23 | 2022-01-01 |
| CVE-2020-8516 | ** DISPUTED ** The daemon in Tor through 0.4.1.8 and 0.4.2.x through 0.4.2.6 does not verify that a rendezvous node is known ... | 5.3 - MEDIUM | 2020-02-02 | 2023-11-07 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Torproject | Tor | 7.0.9 | All | All | All |
| Application | Torproject | Tor | 0.4.4.1 | alpha | All | All |
| Application | Torproject | Tor | 0.4.4.0 | alpha | All | All |
| Application | Torproject | Tor | 0.4.3.6 | All | All | All |
| Application | Torproject | Tor | 0.4.3.5 | All | All | All |
| Application | Torproject | Tor | 0.4.2.8 | All | All | All |
| Application | Torproject | Tor | 0.4.2.7 | All | All | All |
| Application | Torproject | Tor | 0.4.2.6 | All | All | All |
| Application | Torproject | Tor | 0.4.2.5 | All | All | All |
| Application | Torproject | Tor | 0.4.2.0 | All | All | All |
| Application | Torproject | Tor | 0.4.1.9 | All | All | All |
| Application | Torproject | Tor | 0.4.1.8 | All | All | All |
| Application | Torproject | Tor | 0.4.1.2 | alpha | All | All |
| Application | Torproject | Tor | 0.4.1.1 | alpha | All | All |
| Application | Torproject | Tor | 0.4.1.0 | All | All | All |
| Application | Torproject | Tor | 0.4.0.4 | rc | All | All |
| Application | Torproject | Tor | 0.4.0.3 | alpha | All | All |
| Application | Torproject | Tor | 0.4.0.2 | alpha | All | All |
| Application | Torproject | Tor | 0.4.0.1 | alpha | All | All |
| Application | Torproject | Tor | 0.3.9 | All | All | All |