CVE-2017-8822
published 2017-12-03CVE-2017-8822: In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, relays (that have…
low3.7CVSS 3.0
AVNACHPRNUINSUCLINAN
In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, relays (that have incompletely downloaded descriptors) can pick themselves in a circuit path, leading to a degradation of anonymity, aka TROVE-2017-012.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | tor | < tor 0.3.1.9-1 (bookworm) | tor 0.3.1.9-1 (bookworm) |
| tor_project | tor | < 0.2.5.16 | 0.2.5.16 |
| tor_project | tor | >= 0.2.6 < 0.2.8.17 | 0.2.8.17 |
| tor_project | tor | >= 0.2.9 < 0.2.9.14 | 0.2.9.14 |
| tor_project | tor | >= 0.3.0 < 0.3.0.13 | 0.3.0.13 |
| tor_project | tor | >= 0.3.1 < 0.3.1.9 | 0.3.1.9 |
| torproject | tor | >= 0 < 0.3.1.9-1 | 0.3.1.9-1 |
| torproject | tor | >= 0 < 0.3.1.9-1 | 0.3.1.9-1 |
| torproject | tor | >= 0 < 0.3.1.9-1 | 0.3.1.9-1 |
| torproject | tor | >= 0 < 0.3.1.9-1 | 0.3.1.9-1 |
CVSS provenance
nvdv3.03.7LOWCVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
osv3.7LOW