PT-2017-18556 · Tor+1 · Tor+1
Publicado
2017-12-01
·
Atualizado
2024-06-15
·
CVE-2017-8822
CVSS v2.0
4.3
Média
| Vetor | AV:N/AC:M/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Tor versions 0.2.6 through 0.2.8 before 0.2.8.17
Tor versions 0.2.9 before 0.2.9.14
Tor versions 0.3.0 before 0.3.0.13
Tor versions 0.3.1 before 0.3.1.9
Tor version 0.2.5.16 and earlier
Description
The issue allows relays with incompletely downloaded descriptors to pick themselves in a circuit path. This leads to a degradation of anonymity.
Recommendations
For Tor versions 0.2.6 through 0.2.8 before 0.2.8.17, update to version 0.2.8.17 or later.
For Tor versions 0.2.9 before 0.2.9.14, update to version 0.2.9.14 or later.
For Tor versions 0.3.0 before 0.3.0.13, update to version 0.3.0.13 or later.
For Tor versions 0.3.1 before 0.3.1.9, update to version 0.3.1.9 or later.
For Tor version 0.2.5.16 and earlier, update to version 0.2.5.16 or later.
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Alt Linux
Tor