PT-2020-20191 · Tor+2

Cypherpunks · Published 2020-02-02 · Updated 2024-08-04 · CVE-2020-8516

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Tor versions 0.4.1.8 and 0.4.2.x through 0.4.2.6

Description

The daemon in Tor does not verify that a rendezvous node is known before attempting to connect to it, which might make it easier for remote attackers to discover circuit information. The network team of Tor claims this is an intended behavior and not a vulnerability.

Recommendations

For Tor version 0.4.1.8, consider updating to a version where this behavior is addressed, if available. For Tor versions 0.4.2.x through 0.4.2.6, consider updating to a version where this behavior is addressed, if available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

ALT-PU-2020-1525
ALT-PU-2020-2702
CVE-2020-8516

Affected Products

Alt Linux
Debian
Tor