CVE-2017-0380

Name of the Vulnerable Software and Affected Versions Tor versions 0.2.8.x through 0.2.8.14 Tor versions 0.2.9.x through 0.2.9.11 Tor versions 0.3.0.x through 0.3.0.10 Tor versions 0.3.1.x through 0.3.1.6 Tor versions 0.3.2.x through 0.3.2.0-alpha

Description The issue allows attackers to obtain sensitive information by leveraging access to the log files of a hidden service. This is because uninitialized stack data is included in an error message about construction of an introduction point circuit when the rend service intro established function is used and SafeLogging is disabled.

Recommendations For Tor versions 0.2.8.x through 0.2.8.14, update to version 0.2.8.15 or later. For Tor versions 0.2.9.x through 0.2.9.11, update to version 0.2.9.12 or later. For Tor versions 0.3.0.x through 0.3.0.10, update to version 0.3.0.11 or later. For Tor versions 0.3.1.x through 0.3.1.6, update to version 0.3.1.7 or later. For Tor versions 0.3.2.x through 0.3.2.0-alpha, update to a version later than 0.3.2.0-alpha. As a temporary workaround, consider enabling SafeLogging to minimize the risk of exploitation.