Denial of Service Vulnerability in Tor by The Tor Project
CVE-2022-33903

7.5HIGH

Key Information:

Vendor: Torproject
Status: Tor
Vendor: CVE Published:; 17 July 2022

What is CVE-2022-33903?

A vulnerability in the Tor software allows attackers to disrupt the network's performance by manipulating round-trip time (RTT) estimation mechanisms, leading to a denial of service. This affects the reliability and accessibility of Tor services, creating potential downtime for users relying on secure and anonymous internet access. Addressing this issue is essential to maintain the integrity and functionality of the Tor network.

References

https://lists.torproject.org/pipermail/tor-announce/2022-...

https://security-tracker.debian.org/tracker/CVE-2022-33903

https://security.gentoo.org/glsa/202305-11

vendor-advisory

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 17, 2022
Vulnerability Reserved
Jun 17, 2022

CVE-2022-33903 Data

JSON

Torproject

What is CVE-2022-33903?

References

CVSS V3.1

Timeline