CVE-2009-2426 — TOR vulnerability

5 documents5 sources

Severity

5.0MEDIUMNVD

EPSS

0.7%

top 28.05%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Torproject TOR TOR

Timeline

PublishedJul 10

Latest updateMay 2

Description

The connection_edge_process_relay_cell_not_open function in src/or/relay.c in Tor 0.2.x before 0.2.0.35 and 0.1.x before 0.1.2.8-beta allows exit relays to have an unspecified impact by causing controllers to accept DNS responses that redirect to an internal IP address via unknown vectors. NOTE: some of these details are obtained from third party information.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶Debiantorproject/tor< 0.2.0.35-1+3

▶NVDtor/tor94 versions+93

Patches

Patch: archives.seul.org ↗Patch: www.osvdb.org ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-r3c9-qr4c-gm4p: The connection_edge_process_relay_cell_not_open function in src/or/relay↗2022-05-02

▶

OSV

CVE-2009-2426: The connection_edge_process_relay_cell_not_open function in src/or/relay↗2009-07-10

▶

CVEList

CVE-2009-2426: The connection_edge_process_relay_cell_not_open function in src/or/relay↗2009-07-10

▶

📋Vendor Advisories

Debian

CVE-2009-2426: tor - The connection_edge_process_relay_cell_not_open function in src/or/relay.c in To...↗2009

▶