CVE-2021-46702Improper Resource Shutdown or Release in TOR

CWE-404Improper Resource Shutdown or Release3 documents3 sources
Severity
5.5MEDIUMNVD
EPSS
0.1%
top 68.25%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Torproject TOR
Timeline
PublishedFeb 26
Latest updateFeb 27

Description

Tor Browser 9.0.7 on Windows 10 build 10586 is vulnerable to information disclosure. This could allow local attackers to bypass the intended anonymity feature and obtain information regarding the onion services visited by a local user. This can be accomplished by analyzing RAM memory even several hours after the local user used the product. This occurs because the product doesn't properly free memory.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages1 packages

NVDtorproject/tor9.0.7

🔴Vulnerability Details

2
GHSA
GHSA-5rfp-95m3-27h9: Tor Browser 92022-02-27
CVEList
CVE-2021-46702: Tor Browser 92022-02-26
CVE-2021-46702 — Improper Resource Shutdown or Release | cvebase