PT-2024-26429 · Tor · Tor Arti+1

Gabi-250 · Published 2024-05-15 · Updated 2024-11-04 · CVE-2024-35312

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Tor Arti versions prior to 1.2.3

Description

When building anonymizing circuits to or from an onion service with 'lite' or 'full' vanguards enabled, the circuit manager code builds the circuits with one hop too few. This makes users more vulnerable to some kinds of traffic analysis when they run or visit onion services. Only users who make connections to onion services are affected, and malicious web pages can typically make such connections when Arti is used as a browser proxy.

Recommendations

For Tor Arti versions prior to 1.2.3, rebuild Arti with a fixed version of tor-circmgr: 0.18.1 or later. As a temporary workaround, consider preventing access to Tor Hidden Services by setting `allow_onion_addrs = false` in the Arti configuration file. Alternatively, for configurations with 'lite' vanguards, enabling the 'full vanguards' feature can provide some security improvement, despite having its own similar bug, though it comes with performance and reliability costs.
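
To confirm whether a build still locks an unfixed tor-circmgr, the check below scans a Cargo.lock for versions older than 0.18.1. It is an added example, not code from the advisory or the Arti project; the function names and the sample lockfile are constructed for illustration.

```python
import re
import sys

FIXED = (0, 18, 1)  # first fixed tor-circmgr release named in the advisory

# Constructed sample, not a real lockfile: two [[package]] entries.
SAMPLE_LOCK = '''\
[[package]]
name = "arti"
version = "1.2.2"
dependencies = [
 "tor-circmgr",
]

[[package]]
name = "tor-circmgr"
version = "0.18.0"
'''

def parse_lock_packages(lock_text):
    """Yield (name, version) for each [[package]] entry in Cargo.lock text."""
    for block in lock_text.split("[[package]]")[1:]:
        name = re.search(r'^name\s*=\s*"([^"]+)"', block, re.M)
        version = re.search(r'^version\s*=\s*"([^"]+)"', block, re.M)
        if name and version:
            yield name.group(1), version.group(1)

def is_vulnerable(version):
    """True if version sorts before FIXED; pre-releases of FIXED count as unfixed."""
    core, _, pre = version.partition("+")[0].partition("-")
    nums = tuple(int(p) for p in core.split("."))
    nums += (0,) * (3 - len(nums))
    return nums < FIXED or (nums == FIXED and bool(pre))

def vulnerable_circmgr(lock_text):
    """Return every locked tor-circmgr version that predates the fix."""
    return sorted(v for n, v in parse_lock_packages(lock_text)
                  if n == "tor-circmgr" and is_vulnerable(v))

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LOCK
    hits = vulnerable_circmgr(text)
    for v in hits:
        print(f"tor-circmgr {v} predates 0.18.1: rebuild with a fixed version")
    sys.exit(1 if hits else 0)
```

Pass the path to a Cargo.lock as the first argument; the exit status is 1 when an unfixed tor-circmgr is locked, which makes the script usable as a CI gate.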

Fix

Weakness Enumeration

Improper Check for Exceptional Conditions

Related Identifiers

CVE-2024-35312
GHSA-9328-GCFQ-P269
GHSA-C96H-CXX6-RMG9
RUSTSEC-2024-0339
RUSTSEC-2024-0340
TROVE-2024-003
TROVE-2024-004

Affected Products

Tor Arti
Tor-Circmgr