Vulnerability Description
Tor 0.3.x before 0.3.0.9 has a guard-selection algorithm that only considers the exit relay (not the exit relay's family), which might allow remote attackers to defeat intended anonymity properties by leveraging the existence of large families.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Torproject | Tor | 0.3.0.1 |
Related Weaknesses (CWE)
References
- https://blog.torproject.org/blog/tor-0309-released-security-update-clients (Release Notes, Vendor Advisory)
- https://blog.torproject.org/blog/tor-0314-alpha-released-security-update-clients (Release Notes, Vendor Advisory)
- https://github.com/torproject/tor/commit/665baf5ed5c6186d973c46cdea165c054802735 (Patch, Third Party Advisory)
- https://security-tracker.debian.org/CVE-2017-0377 (Third Party Advisory)
- https://trac.torproject.org/projects/tor/ticket/22753 (Issue Tracking, Vendor Advisory)
FAQ
What is CVE-2017-0377?
CVE-2017-0377 is a vulnerability with a CVSS score of 7.5 (HIGH). Tor 0.3.x before 0.3.0.9 has a guard-selection algorithm that only considers the exit relay (not the exit relay's family), which might allow remote attackers to defeat intended anonymity properties by...
How severe is CVE-2017-0377?
CVE-2017-0377 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-0377?
Check the references section above for vendor advisories and patch information. Affected products include: Torproject Tor.