Torproject Tor
20 CVEs affecting Torproject Tor. Latest disclosed: 2026-05-07. Critical: 0, High: 5.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2016-1254 | High | 7.5 | 2017-12-05 | Tor before 0.2.8.12 might allow remote attackers to cause a denial of service (client crash) via a crafted hidden service descriptor. |
CVE-2017-0377 | High | 7.5 | 2017-07-02 | Tor 0.3.x before 0.3.0.9 has a guard-selection algorithm that only considers the exit relay (not the exit relay's family), which might allow remote attackers t… |
CVE-2017-0376 | High | 7.5 | 2017-06-09 | The hidden-service feature in Tor before 0.3.0.8 allows a denial of service (assertion failure and daemon exit) in the connection_edge_process_relay_cell funct… |
CVE-2017-0375 | High | 7.5 | 2017-06-09 | The hidden-service feature in Tor before 0.3.0.8 allows a denial of service (assertion failure and daemon exit) in the relay_send_end_cell_from_edge_ function… |
CVE-2016-8860 | High | 7.5 | 2017-01-04 | Tor before 0.2.8.9 and 0.2.9.x before 0.2.9.4-alpha had internal functions that were entitled to expect that buf_t data had NUL termination, but the implementa… |
CVE-2017-16541 | Medium | 6.5 | 2017-11-04 | Tor Browser before 7.0.9 on macOS and Linux allows remote attackers to bypass the intended anonymity feature and discover a client IP address via vectors invol… |
CVE-2017-0380 | Medium | 5.9 | 2017-09-18 | The rend_service_intro_established function in or/rendservice.c in Tor before 0.2.8.15, 0.2.9.x before 0.2.9.12, 0.3.0.x before 0.3.0.11, 0.3.1.x before 0.3.1… |
CVE-2026-44603 | Low | 3.7 | 2026-05-07 | Tor before 0.4.9.7 has an out-of-bounds read by one byte via a malformed BEGIN cell, aka TROVE-2026-007. |
CVE-2026-44602 | Low | 3.7 | 2026-05-07 | Tor before 0.4.9.7 has a NULL pointer dereference when a CERT cell is received out of order, aka TROVE-2026-006. |
CVE-2026-44601 | Low | 3.7 | 2026-05-07 | Tor before 0.4.9.7, when circuit queue memory pressure exists, can experience a client crash because of a double close of a circuit, aka TROVE-2026-009. |
CVE-2026-44600 | Low | 3.7 | 2026-05-07 | Tor before 0.4.9.7 mishandles accounting of the conflux out-of-order queue during the clearing of a queue, aka TROVE-2026-010. |
CVE-2026-44599 | Low | 3.7 | 2026-05-07 | Tor before 0.4.9.7 can attempt or accept BEGIN_DIR via conflux legs, aka TROVE-2026-008. |
CVE-2026-44597 | Low | 3.7 | 2026-05-07 | Tor before 0.4.9.7 has an out-of-bounds read when an END, a TRUNCATE, or a TRUNCATED cell lacks a reason in its payload, aka TROVE-2026-011. |
CVE-2014-5117 | | 2014-07-30 | Tor before 0.2.4.23 and 0.2.5 before 0.2.5.6-alpha maintains a circuit after an inbound RELAY_EARLY cell is received by a client, which makes it easier for rem… | |
CVE-2012-2250 | | 2014-02-03 | Tor before 0.2.3.24-rc allows remote attackers to cause a denial of service (assertion failure and daemon exit) by performing link protocol negotiation incorre… | |
CVE-2012-2249 | | 2014-02-03 | Tor before 0.2.3.23-rc allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a renegotiation attempt that occurs after t… | |
CVE-2013-7295 | | 2014-01-17 | Tor before 0.2.4.20, when OpenSSL 1.x is used in conjunction with a certain HardwareAccel setting on Intel Sandy Bridge and Ivy Bridge platforms, does not prop… | |
CVE-2012-5573 | | 2013-01-01 | The connection_edge_process_relay_cell function in or/relay.c in Tor before 0.2.3.25 maintains circuits even if an unexpected SENDME cell arrives, which might… | |
CVE-2012-4922 | | 2012-09-14 | The tor_timegm function in common/util.c in Tor before 0.2.2.39, and 0.2.3.x before 0.2.3.22-rc, does not properly validate time values, which allows remote at… | |
CVE-2012-4419 | | 2012-09-14 | The compare_tor_addr_to_addr_policy function in or/policies.c in Tor before 0.2.2.39, and 0.2.3.x before 0.2.3.21-rc, allows remote attackers to cause a denial… |