CVE-2023-23589

Опубликовано: 14 янв. 2023

Источник: debian

EPSS Низкий

Описание

The SafeSocks option in Tor before 0.4.7.13 has a logic error in which the unsafe SOCKS4 protocol can be used but not the safe SOCKS4a protocol, aka TROVE-2022-002.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
tor	fixed	0.4.7.13-1		package

Примечания

https://gitlab.torproject.org/tpo/core/tor/-/raw/release-0.4.7/ReleaseNotes
https://gitlab.torproject.org/tpo/core/tor/-/issues/40730
https://gitlab.torproject.org/tpo/core/tor/-/commit/a282145b3634547ab84ccd959d0537c021ff7ffc

EPSS

Процентиль: 49%

0.00258

Низкий

Связанные уязвимости

CVE-2023-23589

CVSS3: 6.5

ubuntu

около 3 лет назад

The SafeSocks option in Tor before 0.4.7.13 has a logic error in which the unsafe SOCKS4 protocol can be used but not the safe SOCKS4a protocol, aka TROVE-2022-002.

CVE-2023-23589

CVSS3: 6.5

nvd

около 3 лет назад

The SafeSocks option in Tor before 0.4.7.13 has a logic error in which the unsafe SOCKS4 protocol can be used but not the safe SOCKS4a protocol, aka TROVE-2022-002.

GHSA-6wqq-m34g-chqp

CVSS3: 6.5

github

около 3 лет назад

The SafeSocks option in Tor before 0.4.7.13 has a logic error in which the unsafe SOCKS4 protocol can be used but not the safe SOCKS4a protocol, aka TROVE-2022-002.

EPSS

Процентиль: 49%

0.00258

Низкий