CVE-2021-28090Reachable Assertion in TOR

CWE-617Reachable Assertion7 documents6 sources
Severity
5.3MEDIUMNVD
EPSS
2.0%
top 16.33%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Torproject TORFedoraproject Fedora
Timeline
PublishedMar 19
Latest updateOct 4

Description

Tor before 0.4.5.7 allows a remote attacker to cause Tor directory authorities to exit with an assertion failure, aka TROVE-2021-002.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

NVDtorproject/tor0.4.4.40.4.4.8+6
Debiantorproject/tor< 0.4.5.7-1+3

Also affects: Fedora 33

🔴Vulnerability Details

4
OSV
tor vulnerabilities2022-10-04
GHSA
GHSA-79hx-qq8c-36qm: Tor before 02022-05-24
CVEList
CVE-2021-28090: Tor before 02021-03-19
OSV
CVE-2021-28090: Tor before 02021-03-19

📋Vendor Advisories

2
Ubuntu
Tor vulnerabilities2022-10-04
Debian
CVE-2021-28090: tor - Tor before 0.4.5.7 allows a remote attacker to cause Tor directory authorities t...2021
CVE-2021-28090 — Reachable Assertion in Torproject TOR | cvebase