CVE-2017-0377
Tor 0.3.x before 0.3.0.9 has a guard-selection algorithm that only considers the exit relay (not the exit relay's family), which might allow remote attackers to defeat intended anonymity properties by leveraging the existence of large families.
| Software | From | Fixed in |
|---|---|---|
| torproject / tor | 0.3.0.3-alpha | 0.3.0.3-alpha.x |
| torproject / tor | 0.3.0.1-alpha | 0.3.0.1-alpha.x |
| torproject / tor | 0.3.0.2-alpha | 0.3.0.2-alpha.x |
| torproject / tor | 0.3.0.7 | 0.3.0.7.x |
| torproject / tor | 0.3.0.4 | 0.3.0.4.x |
| torproject / tor | 0.3.0.8 | 0.3.0.8.x |
| torproject / tor | 0.3.0.5 | 0.3.0.5.x |
| torproject / tor | 0.3.0.6 | 0.3.0.6.x |
- https://blog.torproject.org/blog/tor-0309-released-security-update-clients
- https://blog.torproject.org/blog/tor-0314-alpha-released-security-update-clients
- https://github.com/torproject/tor/commit/665baf5ed5c6186d973c46cdea165c0548027350
- https://security-tracker.debian.org/CVE-2017-0377
- https://trac.torproject.org/projects/tor/ticket/22753
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime