CVE-2009-0939 — TOR vulnerability

10 documents7 sources
Severity
10.0CRITICALNVD
EPSS
0.7%
top 28.63%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Torproject TORTOR
Timeline
PublishedMar 18
Latest updateMay 2

Description

Tor before 0.2.0.34 treats incomplete IPv4 addresses as valid, which has unknown impact and attack vectors related to "Spec conformance," as demonstrated using 192.168.0.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages2 packages

â–¶Debiantorproject/tor< 0.2.0.34-1+3
â–¶NVDtor/tor0.2.0.33+29

🔴Vulnerability Details

3
GHSA
GHSA-4v97-9crm-p348: Tor before 0↗2022-05-02
â–¶
CVEList
CVE-2009-0939: Tor before 0↗2009-03-18
â–¶
OSV
CVE-2009-0939: Tor before 0↗2009-03-18
â–¶

📋Vendor Advisories

5
Debian
CVE-2009-0939: tor - Tor before 0.2.0.34 treats incomplete IPv4 addresses as valid, which has unknown...↗2009
â–¶
Red Hat
tor: multiple security fixes in 0.2.0.34 (CVE-2009-0936, CVE-2009-0937, CVE-2009-0938, CVE-2009-0939)↗
â–¶
Red Hat
tor: multiple security fixes in 0.2.0.34 (CVE-2009-0936, CVE-2009-0937, CVE-2009-0938, CVE-2009-0939)↗
â–¶
Red Hat
tor: multiple security fixes in 0.2.0.34 (CVE-2009-0936, CVE-2009-0937, CVE-2009-0938, CVE-2009-0939)↗
â–¶
Red Hat
tor: multiple security fixes in 0.2.0.34 (CVE-2009-0936, CVE-2009-0937, CVE-2009-0938, CVE-2009-0939)↗
â–¶

💬Community

1
Bugzilla
tor: multiple security fixes in 0.2.0.34 (CVE-2009-0936, CVE-2009-0937, CVE-2009-0938, CVE-2009-0939)↗2009-02-11
â–¶
CVE-2009-0939 — TOR vulnerability | cvebase