PT-2014-1709 · Tor+1 · Tor+1

Published

2014-07-30

Updated

2024-06-15

CVE-2014-5117

CVSS v2.0

5.8

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions Tor versions prior to 0.2.4.23 Tor versions 0.2.5 prior to 0.2.5.6-alpha

Description The issue makes it easier for remote attackers to conduct traffic-confirmation attacks by using the pattern of RELAY and RELAY EARLY cells as a means of communicating information about hidden service names. This occurs because Tor maintains a circuit after an inbound RELAY EARLY cell is received by a client.

Recommendations For Tor versions prior to 0.2.4.23, update to version 0.2.4.23 or later. For Tor versions 0.2.5 prior to 0.2.5.6-alpha, update to version 0.2.5.6-alpha or later.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

ALT-PU-2014-2480

BDU:2015-00720

CVE-2014-5117

DLA-17-1

DSA-2993-1

MGASA-2014-0312

OPENSUSE-SU-2024:10423-1

Affected Products

Alt Linux

Tor

PT-2014-1709 · Tor+1 · Tor+1

CVE-2014-5117

Related Identifiers

Affected Products

References · 46