Known Vulnerabilities for products from Torproject
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Torproject".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-44603 json | Tor before 0.4.9.7 has an out-of-bounds read by one byte via a malformed BEGIN cell, aka TROVE-2026-007. | Not Provided | 2026-05-07 | 2026-05-07 |
| CVE-2026-44602 json | Tor before 0.4.9.7 has a NULL pointer dereference when a CERT cell is received out of order, aka TROVE-2026-006. | Not Provided | 2026-05-07 | 2026-05-08 |
| CVE-2026-44601 json | Tor before 0.4.9.7, when circuit queue memory pressure exists, can experience a client crash because of a double close of a c... | Not Provided | 2026-05-07 | 2026-05-08 |
| CVE-2026-44600 json | Tor before 0.4.9.7 mishandles accounting of the conflux out-of-order queue during the clearing of a queue, aka TROVE-2026-010... | Not Provided | 2026-05-07 | 2026-05-07 |
| CVE-2026-44599 json | Tor before 0.4.9.7 can attempt or accept BEGIN_DIR via conflux legs, aka TROVE-2026-008. | Not Provided | 2026-05-07 | 2026-05-07 |
| CVE-2026-44597 json | Tor before 0.4.9.7 has an out-of-bounds read when an END, a TRUNCATE, or a TRUNCATED cell lacks a reason in its payload, aka ... | Not Provided | 2026-05-07 | 2026-05-07 |
| CVE-2023-23589 json | The SafeSocks option in Tor before 0.4.7.13 has a logic error in which the unsafe SOCKS4 protocol can be used but not the saf... | 6.5 - MEDIUM | 2023-01-14 | 2023-11-07 |
| CVE-2022-33903 json | Tor 0.4.7.x before 0.4.7.8 allows a denial of service via the wedging of RTT estimation. | 7.5 - HIGH | 2022-07-17 | 2023-05-03 |
| CVE-2021-46702 json | Tor Browser 9.0.7 on Windows 10 build 10586 is vulnerable to information disclosure. This could allow local attackers to bypa... | 5.5 - MEDIUM | 2022-02-26 | 2022-03-10 |
| CVE-2021-39246 json | Tor Browser through 10.5.6 and 11.x through 11.0a4 allows a correlation attack that can compromise the privacy of visits to v... | 6.1 - MEDIUM | 2021-09-24 | 2021-10-01 |
| CVE-2021-38385 json | Tor before 0.3.5.16, 0.4.5.10, and 0.4.6.7 mishandles the relationship between batch-signature verification and single-signat... | 7.5 - HIGH | 2021-08-30 | 2023-05-03 |
| CVE-2021-34550 json | An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-006. The v3 onion service descriptor parsing allows out-of-boun... | 7.5 - HIGH | 2021-06-29 | 2021-09-20 |
| CVE-2021-34549 json | An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-005. Hashing is mishandled for certain retrieval of circuit dat... | 7.5 - HIGH | 2021-06-29 | 2022-07-12 |
| CVE-2021-34548 json | An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-003. An attacker can forge RELAY_END or RELAY_RESOLVED to bypas... | 7.5 - HIGH | 2021-06-29 | 2023-08-08 |
| CVE-2021-28090 json | Tor before 0.4.5.7 allows a remote attacker to cause Tor directory authorities to exit with an assertion failure, aka TROVE-2... | 5.3 - MEDIUM | 2021-03-19 | 2023-11-07 |
| CVE-2021-28089 json | Tor before 0.4.5.7 allows a remote participant in the Tor directory protocol to exhaust CPU resources on a target, aka TROVE-... | 7.5 - HIGH | 2021-03-19 | 2023-11-07 |
| CVE-2020-15572 json | Tor before 0.4.3.6 has an out-of-bounds memory access that allows a remote denial-of-service (crash) attack against Tor insta... | 7.5 - HIGH | 2020-07-15 | 2021-07-21 |
| CVE-2020-10593 json | Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 allows remote attackers to cause a Denial of Service (m... | 7.5 - HIGH | 2020-03-23 | 2023-02-03 |
| CVE-2020-10592 json | Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 allows remote attackers to cause a Denial of Service (C... | 7.5 - HIGH | 2020-03-23 | 2022-01-01 |
| CVE-2020-8516 json | ** DISPUTED ** The daemon in Tor through 0.4.1.8 and 0.4.2.x through 0.4.2.6 does not verify that a rendezvous node is known ... | 5.3 - MEDIUM | 2020-02-02 | 2023-11-07 |
Known software with vulnerabilities from Torproject
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Torproject | Tor | - |
| Application | Torproject | Tor Browser | - |