CVE-2021-46702

MEDIUM

Tor Browser 9.0.7 - Info Disclosure

Title source: llm

Description

Tor Browser 9.0.7 on Windows 10 build 10586 is vulnerable to information disclosure. This could allow local attackers to bypass the intended anonymity feature and obtain information regarding the onion services visited by a local user. This can be accomplished by analyzing RAM memory even several hours after the local user used the product. This occurs because the product doesn't properly free memory.

Exploits (2)

inthewild WORKING POC
poc
https://github.com/malakkf/cve-2021-46702
inthewild WORKING POC
poc
https://github.com/exmak-s/cve-2021-46702

References (1)

Scores

CVSS v3 5.5
EPSS 0.0013
EPSS Percentile 31.4%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-404
Status published
Products (1)
torproject/tor 9.0.7
Published Feb 26, 2022
Tracked Since Feb 18, 2026