| CVE-2017-8823 |
AVG-539 |
High |
Yes |
Arbitrary code execution |
A use-after-free vulnerability has been found in Tor before 0.3.1.9, leading to a crash of v2 Tor onion services when they failed to open circuits while... |
| CVE-2017-8822 |
AVG-539 |
High |
Yes |
Information disclosure |
In Tor before 0.3.1.9, relays (that have incompletely downloaded descriptors) can pick themselves in a circuit path, leading to a degradation of anonymity,... |
| CVE-2017-8820 |
AVG-539 |
Medium |
Yes |
Denial of service |
A denial of service issue where an attacker could crash a directory authority using a malformed router descriptor has been found in Tor before 0.3.1.9. |
| CVE-2017-8819 |
AVG-539 |
Medium |
Yes |
Information disclosure |
An issue has been found in the way Tor before 0.3.1.9 checked for replays, leading to a possible traffic confirmation attack. |
| CVE-2017-0377 |
AVG-336 |
Medium |
Yes |
Session hijacking |
A security issue has been found in Tor <= 0.3.0.8, which could make it easier to eavesdrop on Tor users' traffic. When choosing which guard to use for a... |
| CVE-2017-0376 |
AVG-296 |
Medium |
Yes |
Denial of service |
The hidden-service feature in Tor before 0.3.0.8 allows a denial of service (assertion failure and daemon exit) in the connection_edge_process_relay_cell... |
| CVE-2017-0375 |
AVG-296 |
Medium |
Yes |
Denial of service |
The hidden-service feature in Tor before 0.3.0.8 allows a denial of service (assertion failure and daemon exit) in the relay_send_end_cell_from_edge_... |