Описание
The SafeSocks option in Tor before 0.4.7.13 has a logic error in which the unsafe SOCKS4 protocol can be used but not the safe SOCKS4a protocol, aka TROVE-2022-002.
Ссылки
- PatchVendor Advisory
- ExploitIssue TrackingPatchVendor Advisory
- Release NotesVendor Advisory
- Mailing ListThird Party Advisory
- Third Party Advisory
- PatchVendor Advisory
- ExploitIssue TrackingPatchVendor Advisory
- Release NotesVendor Advisory
- Mailing ListThird Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 0.4.7.13 (исключая)
cpe:2.3:a:torproject:tor:*:*:*:*:*:*:*:*
Конфигурация 2
Одно из
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
Конфигурация 3
Одно из
cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
EPSS
Процентиль: 49%
0.00258
Низкий
6.5 Medium
CVSS3
Дефекты
NVD-CWE-noinfo
CWE-693
Связанные уязвимости
CVSS3: 6.5
ubuntu
около 3 лет назад
The SafeSocks option in Tor before 0.4.7.13 has a logic error in which the unsafe SOCKS4 protocol can be used but not the safe SOCKS4a protocol, aka TROVE-2022-002.
CVSS3: 6.5
debian
около 3 лет назад
The SafeSocks option in Tor before 0.4.7.13 has a logic error in which ...
CVSS3: 6.5
github
около 3 лет назад
The SafeSocks option in Tor before 0.4.7.13 has a logic error in which the unsafe SOCKS4 protocol can be used but not the safe SOCKS4a protocol, aka TROVE-2022-002.
EPSS
Процентиль: 49%
0.00258
Низкий
6.5 Medium
CVSS3
Дефекты
NVD-CWE-noinfo
CWE-693