In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, relays (that have incompletely downloaded descriptors) can pick themselves in a circuit path, leading to a degradation of anonymity, aka TROVE-2017-012.
References
Link | Resource |
---|---|
https://blog.torproject.org/new-stable-tor-releases-security-fixes-0319-03013-02914-02817-02516 | Vendor Advisory |
https://bugs.torproject.org/21534 | Issue Tracking Vendor Advisory |
https://bugs.torproject.org/24333 | Vendor Advisory |
https://www.debian.org/security/2017/dsa-4054 | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: debian
Published: 2017-12-03T07:00:00
Updated: 2017-12-04T10:57:01
Reserved: 2017-05-07T00:00:00
Link: CVE-2017-8822
JSON object: View
NVD Information
Status : Analyzed
Published: 2017-12-03T07:29:00.413
Modified: 2017-12-21T18:30:45.347
Link: CVE-2017-8822
JSON object: View
Redhat Information
No data.
CWE