Anonymity Flaw in Tor Browser Affects User Privacy
CVE-2017-0377

7.5HIGH

Key Information:

Vendor

Torproject

Status
Tor
Vendor
CVE Published:
2 July 2017

What is CVE-2017-0377?

A vulnerability in Tor 0.3.x prior to version 0.3.0.9 allows attackers to undermine user anonymity through a flawed guard-selection algorithm. This algorithm neglects to account for the family of the exit relay, creating an opportunity for remote attackers to exploit the configuration by leveraging large families of relays, ultimately compromising the intended anonymity features of the Tor network.

Affected Version(s)

Tor Tor

References

https://trac.torproject.org/projects/tor/ticket/22753
x_refsource_CONFIRM
https://security-tracker.debian.org/CVE-2017-0377
x_refsource_CONFIRM
https://blog.torproject.org/blog/tor-0309-released-securi...
x_refsource_CONFIRM

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.