What is CVE-2017-0380?

CVE-2017-0380 is a medium-severity vulnerability in Torproject Tor, classified under Insertion of Sensitive Information into Log File. CVSS score: 5.9/10. Published 2017-09-18.

How severe is CVE-2017-0380?

Medium severity. CVSS v3 base score is 5.9 out of 10.

Information disclosure in Torproject Tor

CVE-2017-0380

The rend_service_intro_established function in or/rendservice.c in Tor before 0.2.8.15, 0.2.9.x before 0.2.9.12, 0.3.0.x before 0.3.0.11, 0.3.1.x before 0.3.1.7, and 0.3.2.x before 0.3.2.1-alpha, when SafeLogging is disabled, allows attack…

EPSS: 0.003 (54.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.9 (Medium). Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N.

Affected products

Torproject Tor — versions 0.2.9.0, 0.2.9.1, 0.2.9.2
N/a Tor Before 0.3.1.7 — versions Tor before 0.3.1.7

Weakness classification (CWE)

CWE-532 — Insertion of Sensitive Information into Log File

References

security@debian.org (x_refsource_CONFIRM, Patch, Mitigation, Vendor Advisory)
security@debian.org (x_refsource_CONFIRM, Patch, Third Party Advisory)
security@debian.org (vdb-entry, x_refsource_SECTRACK)
security@debian.org (vendor-advisory, x_refsource_DEBIAN)

Frequently asked questions

What is CVE-2017-0380?: CVE-2017-0380 is a medium-severity vulnerability in Torproject Tor, classified under Insertion of Sensitive Information into Log File. CVSS score: 5.9/10. Published 2017-09-18.
How severe is CVE-2017-0380?: Medium severity. CVSS v3 base score is 5.9 out of 10.