CVE-2017-8822 — Project TOR vulnerability

CWE-4177 documents6 sources

Severity

3.7LOWNVD

EPSS

0.2%

top 61.11%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Torproject TOR TOR Project TOR Debian Linux

Timeline

PublishedDec 3

Latest updateMay 17

Description

In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, relays (that have incompletely downloaded descriptors) can pick themselves in a circuit path, leading to a degradation of anonymity, aka TROVE-2017-012.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 2.2 | Impact: 1.4

Affected Packages2 packages

▶NVDtor_project/tor0.2.6 — 0.2.8.17+4

▶Debiantorproject/tor< 0.3.1.9-1+3

Also affects: Debian Linux 8.0, 9.0

🔴Vulnerability Details

GHSA

GHSA-6j8p-f9mw-w2qg: In Tor before 0↗2022-05-17

▶

OSV

CVE-2017-8822: In Tor before 0↗2017-12-03

▶

CVEList

CVE-2017-8822: In Tor before 0↗2017-12-03

▶

📋Vendor Advisories

Debian

CVE-2017-8822: tor - In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9....↗2017

▶

💬Community

Bugzilla

CVE-2017-8819 CVE-2017-8820 CVE-2017-8821 CVE-2017-8822 CVE-2017-8823 tor: Multiple vulnerabilities [epel-6]↗2017-12-05

▶

Bugzilla

CVE-2017-8820 CVE-2017-8821 CVE-2017-8822 CVE-2017-8819 CVE-2017-8823 tor: Multiple vulnerabilities↗2017-12-05

▶