Vulnerability Database

296,172

Total vulnerabilities in the database

CVE-2017-0377

Tor 0.3.x before 0.3.0.9 has a guard-selection algorithm that only considers the exit relay (not the exit relay's family), which might allow remote attackers to defeat intended anonymity properties by leveraging the existence of large families.

Published: Jul 2, 2017
Updated: Apr 13, 2023
CVE: CVE-2017-0377
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-200

Affected Software
References

Software	From	Fixed in
torproject / tor	0.3.0.3-alpha	0.3.0.3-alpha.x
torproject / tor	0.3.0.1-alpha	0.3.0.1-alpha.x
torproject / tor	0.3.0.2-alpha	0.3.0.2-alpha.x
torproject / tor	0.3.0.7	0.3.0.7.x
torproject / tor	0.3.0.4	0.3.0.4.x
torproject / tor	0.3.0.8	0.3.0.8.x
torproject / tor	0.3.0.5	0.3.0.5.x
torproject / tor	0.3.0.6	0.3.0.6.x