Replay-cache Vulnerability in Tor Before Version 0.3.1.9
CVE-2017-8819

7.5HIGH

Key Information:

Vendor: Tor Project
Status: Tor Before 0.2.5.16, 0.2.6 Through 0.2.8 Before 0.2.8.17, 0.2.9 Before 0.2.9.14, 0.3.0 Before 0.3.0.13, And 0.3.1 Before 0.3.1.9
Vendor: CVE Published:; 3 December 2017

🔔 Create Tor Project Vulnerability Alert

What is CVE-2017-8819?

In specific versions of the Tor anonymity software, a weakness exists in the replay-cache protection mechanism for v2 onion services. This flaw enables an attacker to send numerous INTRODUCE2 cells, potentially leading to exploitation. The affected versions include those prior to 0.2.5.16, various releases from 0.2.6 to 0.2.8, and up to 0.3.1.9. Users are urged to upgrade to the latest secure versions to mitigate the risk associated with this vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9 Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9