exploitDog

CVE-2017-8822

Опубликовано: 03 дек. 2017

Источник: nvd

CVSS3: 3.7

CVSS2: 4.3

EPSS Низкий

Описание

In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, relays (that have incompletely downloaded descriptors) can pick themselves in a circuit path, leading to a degradation of anonymity, aka TROVE-2017-012.

Ссылки

https://blog.torproject.org/new-stable-tor-releases-security-fixes-0319-03013-02914-02817-02516
Vendor Advisory
https://bugs.torproject.org/21534
Issue Tracking
Vendor Advisory
https://bugs.torproject.org/24333
Vendor Advisory
https://www.debian.org/security/2017/dsa-4054
Third Party Advisory
https://blog.torproject.org/new-stable-tor-releases-security-fixes-0319-03013-02914-02817-02516
Vendor Advisory
https://bugs.torproject.org/21534
Issue Tracking
Vendor Advisory
https://bugs.torproject.org/24333
Vendor Advisory
https://www.debian.org/security/2017/dsa-4054
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:tor_project:tor:*:*:*:*:*:*:*:*

Версия до 0.2.5.16 (исключая)

cpe:2.3:a:tor_project:tor:*:*:*:*:*:*:*:*

Версия от 0.2.6 (включая) до 0.2.8.17 (исключая)

cpe:2.3:a:tor_project:tor:*:*:*:*:*:*:*:*

Версия от 0.2.9 (включая) до 0.2.9.14 (исключая)

cpe:2.3:a:tor_project:tor:*:*:*:*:*:*:*:*

Версия от 0.3.0 (включая) до 0.3.0.13 (исключая)

cpe:2.3:a:tor_project:tor:*:*:*:*:*:*:*:*

Версия от 0.3.1 (включая) до 0.3.1.9 (исключая)

Конфигурация 2

Одно из

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

EPSS

Процентиль: 53%

0.00304

Низкий

3.7 Low

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-417

Связанные уязвимости

CVE-2017-8822

CVSS3: 3.7

ubuntu

около 8 лет назад

In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, relays (that have incompletely downloaded descriptors) can pick themselves in a circuit path, leading to a degradation of anonymity, aka TROVE-2017-012.

CVE-2017-8822

CVSS3: 3.7

debian

около 8 лет назад

In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 bef ...

GHSA-6j8p-f9mw-w2qg

CVSS3: 3.7

github

больше 3 лет назад

In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, relays (that have incompletely downloaded descriptors) can pick themselves in a circuit path, leading to a degradation of anonymity, aka TROVE-2017-012.

EPSS

Процентиль: 53%

0.00304

Низкий

3.7 Low

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-417