Tor · Tor Arti · CVE-2024-35312
**Name of the Vulnerable Software and Affected Versions**
Tor Arti versions prior to 1.2.3
**Description**
The issue arises when building anonymizing circuits to or from an onion service with 'lite' or 'full' vanguards enabled, where the circuit manager code builds the circuits with one hop too few. This makes users more vulnerable to some kinds of traffic analysis when they run or visit onion services. Only users who make connections to Onion Services are affected, and malicious web pages can typically make such connections when Arti is used as a browser proxy.
**Recommendations**
For Tor Arti versions prior to 1.2.3, rebuild `arti` with a fixed version of `tor-circmgr`: 0.18.1 or later.
As a temporary workaround, consider preventing access to Tor Hidden Services by setting `allow_onion_addrs = false` in the Arti configuration file.
Alternatively, for configurations with 'lite' vanguards, enabling the 'full vanguards' feature can provide some security improvement, despite having its own similar bug, though it comes with performance and reliability costs.
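To confirm that a build tree already meets the rebuild recommendation above, the following added example (not part of the advisory or the Arti project) reads a `Cargo.lock` and reports whether any locked `tor-circmgr` is older than 0.18.1. The function names and the sample lockfile excerpt are constructed for illustration.

```python
import re
import sys

FIXED = (0, 18, 1)  # first fixed tor-circmgr release, per the advisory above

# Constructed sample: a Cargo.lock excerpt in cargo's layout (not from a real build).
SAMPLE_LOCK = '''\
version = 3

[[package]]
name = "tor-chanmgr"
version = "0.18.0"

[[package]]
name = "tor-circmgr"
version = "0.18.0"
dependencies = [
 "tor-chanmgr",
]
'''

def locked_versions(lock_text, crate):
    """Return every locked version of `crate` as (major, minor, patch) tuples."""
    found = []
    # Each [[package]] table describes one locked crate; split on the table header.
    for block in lock_text.split("[[package]]")[1:]:
        name = re.search(r'^name = "([^"]+)"', block, re.M)
        ver = re.search(r'^version = "(\d+)\.(\d+)\.(\d+)', block, re.M)
        if name and ver and name.group(1) == crate:
            found.append(tuple(int(part) for part in ver.groups()))
    return found

def needs_rebuild(lock_text):
    """True if any locked tor-circmgr predates the fixed release, False if none does.

    Returns None when tor-circmgr does not appear in the lockfile at all.
    """
    versions = locked_versions(lock_text, "tor-circmgr")
    if not versions:
        return None
    return any(v < FIXED for v in versions)

if __name__ == "__main__":
    # Pass a path to Cargo.lock, or run with no arguments to use the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LOCK
    labels = {True: "rebuild needed", False: "ok", None: "tor-circmgr not found"}
    print(labels[needs_rebuild(text)])
```

Only the numeric `major.minor.patch` part of each version is compared, so a pre-release suffix is ignored.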