CVE-2026-44597

LOW

Tor < 0.4.9.7 - Out-of-Bounds Read via Malformed END/TRUNCATE/TRUNCATED Cell

Title source: llm

Tor before 0.4.9.7 has an out-of-bounds read when an END, a TRUNCATE, or a TRUNCATED cell lacks a reason in its payload, aka TROVE-2026-011.

Core 4

Core References

CVSS v3 3.7

EPSS 0.0045

EPSS Percentile 35.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

CWE

CWE-684

Status published

Products (2)

torproject/Tor < 0.4.9.7

torproject/tor < 0.4.9.7

Published May 07, 2026

Tracked Since May 07, 2026