CVE-2007-4098 — TOR vulnerability

5 documents5 sources

Severity

5.8MEDIUMNVD

EPSS

1.0%

top 23.00%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Torproject TOR TOR

Timeline

PublishedJul 30

Latest updateMay 1

Description

Tor before 0.1.2.15 does not properly distinguish "streamids from different exits," which might allow remote attackers with control over Tor routers to inject cells into arbitrary streams.

CVSS vector

AV:N/AC:M/C:N/I:P/A:PExploitability: 8.6 | Impact: 4.9

Affected Packages2 packages

▶Debiantorproject/tor< 0.1.2.15-1+3

▶NVDtor/tor15 versions+14

Patches

Patch: archives.seul.org ↗Patch: secunia.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-7rwq-85qc-qq76: Tor before 0↗2022-05-01

▶

CVEList

CVE-2007-4098: Tor before 0↗2007-07-30

▶

OSV

CVE-2007-4098: Tor before 0↗2007-07-30

▶

📋Vendor Advisories

Debian

CVE-2007-4098: tor - Tor before 0.1.2.15 does not properly distinguish "streamids from different exit...↗2007

▶