PT-2017-18553 · Tor+1 · Tor+1
Published
2017-12-01
·
Updated
2024-06-15
·
CVE-2017-8819
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Tor versions 0.2.5 through 0.2.5.15
Tor versions 0.2.6 through 0.2.8.16
Tor versions 0.2.9 through 0.2.9.13
Tor versions 0.3.0 through 0.3.0.12
Tor versions 0.3.1 through 0.3.1.8
Description
The replay-cache protection mechanism is ineffective for v2 onion services. An attacker can send many INTRODUCE2 cells to trigger this issue.
Recommendations
For Tor versions 0.2.5 through 0.2.5.15, update to version 0.2.5.16 or later.
For Tor versions 0.2.6 through 0.2.8.16, update to version 0.2.8.17 or later.
For Tor versions 0.2.9 through 0.2.9.13, update to version 0.2.9.14 or later.
For Tor versions 0.3.0 through 0.3.0.12, update to version 0.3.0.13 or later.
For Tor versions 0.3.1 through 0.3.1.8, update to version 0.3.1.9 or later.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Alt Linux
Tor