CVE-2021-46702 — MEDIUM (5.5)

Vulnerability Description

Tor Browser 9.0.7 on Windows 10 build 10586 is vulnerable to information disclosure. This could allow local attackers to bypass the intended anonymity feature and obtain information regarding the onion services visited by a local user. This can be accomplished by analyzing RAM memory even several hours after the local user used the product. This occurs because the product doesn't properly free memory.

CVSS Score

5.5

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Torproject	Tor	9.0.7
Microsoft	Windows	-

Related Weaknesses (CWE)

CWE-404

References

https://www.sciencedirect.com/science/article/pii/S0167404821001358Technical DescriptionThird Party Advisory
https://www.sciencedirect.com/science/article/pii/S0167404821001358Technical DescriptionThird Party Advisory

FAQ

What is CVE-2021-46702?

CVE-2021-46702 is a vulnerability with a CVSS score of 5.5 (MEDIUM). Tor Browser 9.0.7 on Windows 10 build 10586 is vulnerable to information disclosure. This could allow local attackers to bypass the intended anonymity feature and obtain information regarding the onio...

How severe is CVE-2021-46702?

CVE-2021-46702 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-46702?

Check the references section above for vendor advisories and patch information. Affected products include: Torproject Tor, Microsoft Windows.