Home
Packages
Forums
Wiki
GitLab
Security
AUR
Download

issues
advisories
todo
stats
log
login

CVE-2017-0377 - log back

CVE-2017-0377 created at 25 Sep 2019 19:31:40

Severity

+

Medium

Remote

+

Remote

Type

+	Session hijacking

Description

+	A security issue has been found in Tor <= 0.3.0.8, which could make it easier to eavesdrop on Tor users' traffic. When choosing which guard to use for a circuit, Tor avoids using a node that is in the same family that the exit node it selected, but this check was accidentally removed in 0.3.0.

References

+	https://blog.torproject.org/blog/tor-0309-released-security-update-clients
+	https://trac.torproject.org/projects/tor/ticket/22753
+	https://github.com/torproject/tor/commit/665baf5ed5c6186d973c46cdea165c0548027350

Notes