CVE-2020-8516 — MEDIUM (5.3)

Q: How severe is CVE-2020-8516?

CVE-2020-8516 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2020-8516?

Check the references section above for vendor advisories and patch information. Affected products include: Torproject Tor.

Vulnerability Description

The daemon in Tor through 0.4.1.8 and 0.4.2.x through 0.4.2.6 does not verify that a rendezvous node is known before attempting to connect to it, which might make it easier for remote attackers to discover circuit information. NOTE: The network team of Tor claims this is an intended behavior and not a vulnerability

CVSS Score

5.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Torproject	Tor	<= 0.4.1.8

References

https://lists.torproject.org/pipermail/tor-dev/2020-February/014146.htmlMailing ListVendor Advisory
https://lists.torproject.org/pipermail/tor-dev/2020-February/014147.htmlMailing ListVendor Advisory
https://security-tracker.debian.org/tracker/CVE-2020-8516Third Party Advisory
https://trac.torproject.org/projects/tor/ticket/33129Issue TrackingVendor Advisory
https://www.hackerfactor.com/blog/index.php?/archives/868-Deanonymizing-Tor-CircExploitMitigationTechnical Description
https://lists.torproject.org/pipermail/tor-dev/2020-February/014146.htmlMailing ListVendor Advisory
https://lists.torproject.org/pipermail/tor-dev/2020-February/014147.htmlMailing ListVendor Advisory
https://security-tracker.debian.org/tracker/CVE-2020-8516Third Party Advisory
https://trac.torproject.org/projects/tor/ticket/33129Issue TrackingVendor Advisory
https://www.hackerfactor.com/blog/index.php?/archives/868-Deanonymizing-Tor-CircExploitMitigationTechnical Description

FAQ

What is CVE-2020-8516?

CVE-2020-8516 is a vulnerability with a CVSS score of 5.3 (MEDIUM). The daemon in Tor through 0.4.1.8 and 0.4.2.x through 0.4.2.6 does not verify that a rendezvous node is known before attempting to connect to it, which might make it easier for remote attackers to dis...

How severe is CVE-2020-8516?

CVE-2020-8516 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-8516?

Check the references section above for vendor advisories and patch information. Affected products include: Torproject Tor.