CVE-2017-8822

Sažetak

In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, relays (that have incompletely downloaded descriptors) can pick themselves in a circuit path, leading to a degradation of anonymity, aka TROVE-2017-012.

Reference

https://blog.torproject.org/new-stable-tor-releases-security-fixes-0319-03013-02914-02817-02516
https://bugs.torproject.org/21534
https://bugs.torproject.org/24333
https://www.debian.org/security/2017/dsa-4054

CVSS

Base:	4.3
Impact:	2.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

21-12-2017 - 18:30

Objavljeno

03-12-2017 - 07:29