CVE-2021-46702

Tor Browser 9.0.7 on Windows 10 build 10586 is vulnerable to information disclosure. This could allow local attackers to bypass the intended anonymity feature and obtain information regarding the onion services visited by a local user. This can be accomplished by analyzing RAM memory even several hours after the local user used the product. This occurs because the product doesn't properly free memory.

Published: Feb 26, 2022
Updated: Apr 14, 2023
CVE: CVE-2021-46702
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.5
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS v2:

Severity: Low
Score: 2.1
AV:L/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-404

Affected Software
References

Software	From	Fixed in
torproject / tor	9.0.7	9.0.7.x

https://www.sciencedirect.com/science/article/pii/S0167404821001358

Vulnerability Database

289,599

CVE-2021-46702