CVE-2017-0377
HIGH
Tor 0.3.x < 0.3.0.9 - Exposure of Sensitive Information via Guard Selection Algorithm
Title source: llm
Description
Tor 0.3.x before 0.3.0.9 has a guard-selection algorithm that only considers the exit relay (not the exit relay's family), which might allow remote attackers to defeat intended anonymity properties by leveraging the existence of large families.
References (5)
Core References
Issue Tracking, Vendor Advisory x_refsource_confirm
https://trac.torproject.org/projects/tor/ticket/22753
Third Party Advisory x_refsource_confirm
https://security-tracker.debian.org/CVE-2017-0377
Release Notes, Vendor Advisory x_refsource_confirm
https://blog.torproject.org/blog/tor-0309-released-security-update-clients
Release Notes, Vendor Advisory x_refsource_confirm
https://blog.torproject.org/blog/tor-0314-alpha-released-security-update-clients
Patch, Third Party Advisory x_refsource_confirm
https://github.com/torproject/tor/commit/665baf5ed5c6186d973c46cdea165c0548027350
Scores
CVSS v3
7.5
EPSS
0.0245
EPSS Percentile
82.3%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (9)
n/a/Tor
Tor
torproject/tor
0.3.0.1 alpha
torproject/tor
0.3.0.2 alpha
torproject/tor
0.3.0.3 alpha
torproject/tor
0.3.0.4
torproject/tor
0.3.0.5
torproject/tor
0.3.0.6
torproject/tor
0.3.0.7
torproject/tor
0.3.0.8
Published
Jul 02, 2017
Tracked Since
Feb 18, 2026