CVE-2023-23589: The SafeSocks option in Tor before 0.4.7.13 has a logic error in which the unsafe SOCKS4 protocol can be used but not the safe SOCKS4a protocol, aka…

medium6.5CVSS 3.1

AVNACLPRNUINSUCLILAN

The SafeSocks option in Tor before 0.4.7.13 has a logic error in which the unsafe SOCKS4 protocol can be used but not the safe SOCKS4a protocol, aka TROVE-2022-002.

Affected

10 ranges

Vendor	Product	Version range	Fixed in
debian	debian_linux	—	—
debian	debian_linux	—	—
debian	tor	< tor 0.4.7.13-1 (bookworm)	tor 0.4.7.13-1 (bookworm)
fedoraproject	fedora	—	—
fedoraproject	fedora	—	—
torproject	tor	< 0.4.7.13	0.4.7.13
torproject	tor	>= 0 < 0.4.5.16-1	0.4.5.16-1
torproject	tor	>= 0 < 0.4.7.13-1	0.4.7.13-1
torproject	tor	>= 0 < 0.4.7.13-1	0.4.7.13-1
torproject	tor	>= 0 < 0.4.7.13-1	0.4.7.13-1

CVSS provenance

nvdv3.16.5MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

osv6.5MEDIUM