CVE-2008-5398

Name of the Vulnerable Software and Affected Versions Tor versions prior to 0.2.0.32

Description The issue arises from improper processing of the ClientDNSRejectInternalAddresses configuration option when an exit relay issues a policy-based refusal of a stream. This allows remote exit relays to potentially map an internal IP address to the destination hostname of a refused stream, although the exact impact is unknown.

Recommendations For versions prior to 0.2.0.32, update to version 0.2.0.32 or later to resolve the issue.