CVE-2017-0377

Source
Severity Medium
Remote Yes
Type Session hijacking
Description
A security issue has been found in Tor <= 0.3.0.8, which could make it easier to eavesdrop on Tor users' traffic. When choosing which guard to use for a circuit, Tor avoids using a node that is in the same family that the exit node it selected, but this check was accidentally removed in 0.3.0.
Group Package Affected Fixed Severity Status Ticket
AVG-336 tor 0.3.0.8-3 0.3.0.9-1 Medium Fixed
Date Advisory Group Package Severity Description
11 Jul 2017 ASA-201707-8 AVG-336 tor Medium session hijacking
References
https://blog.torproject.org/blog/tor-0309-released-security-update-clients
https://trac.torproject.org/projects/tor/ticket/22753
https://github.com/torproject/tor/commit/665baf5ed5c6186d973c46cdea165c0548027350