Name of the Vulnerable Software and Affected Versions tor versions prior to 0.3.5.12

Description The issue concerns the Tor link protocol, where channels using obsolete versions were allowed to circumvent address-canonicity checks. This has been fixed by updating the tor package to version 0.3.5.12, which also addresses other bugs. Relays now thoroughly check for matching pending circuits before attaching them, including verifying address correctness and Ed25519 identities.

Recommendations For versions prior to 0.3.5.12, update the tor package to version 0.3.5.12 to fix the issues. As a temporary workaround, consider restricting the use of obsolete Tor link protocol versions to minimize the risk of exploitation.