Vulnerability in Torproject Tor
CVE-2014-5117
Tor before 0.2.4.23 and 0.2.5 before 0.2.5.6-alpha maintains a circuit after an inbound RELAY_EARLY cell is received by a client, which makes it easier for remote attackers to conduct traffic-confirmation attacks by using the pattern of RE…
EPSS: 0.006 (69.9th percentile)
Affected products
- Torproject Tor — versions 0.0.2, 0.0.3, 0.0.4
References
- 60084 (x_refsource_SECUNIA, third-party-advisory)
- cve@mitre.org (x_refsource_CONFIRM)
- 60647 (x_refsource_SECUNIA, third-party-advisory)
- [tor-talk] 20140730 Tor 0.2.5.6-alpha is out (mailing-list, x_refsource_MLIST)
- [tor-announce] 20140730 Tor security advisory: "relay early" traffic confirmation attack (Vendor Advisory, mailing-list, x_refsource_MLIST)
- [tor-announce] 20140730 Tor 0.2.4.23 is released (mailing-list, x_refsource_MLIST)