CVE-2009-0654

20.02.2009, 19:30

Tor 0.2.0.28, and probably 0.2.0.34 and earlier, allows remote attackers, with control of an entry router and an exit router, to confirm that a sender and receiver are communicating via vectors involving (1) replaying, (2) modifying, (3) inserting, or (4) deleting a single cell, and then observing cell recognition errors at the exit router.  NOTE: the vendor disputes the significance of this issue, noting that the product's design "accepted end-to-end correlation as an attack that is too expensive to solve."

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Vector
NIST	NIST	5.1 UNKNOWN	NETWORK	HIGH	AV:N/AC:H/Au:N/C:P/I:P/A:P
mitre	CNA	---			---
CVE	ADP	---			---

Base Score

CVSS 3.x

EPSS Score

Percentile: 64%

Vendor	Product	Version
tor	tor	𝑥 ≤ 0.2.0.34
tor	tor	0.2.0.1:alpha
tor	tor	0.2.0.2:alpha
tor	tor	0.2.0.3:alpha
tor	tor	0.2.0.4:alpha
tor	tor	0.2.0.5:alpha
tor	tor	0.2.0.6:alpha
tor	tor	0.2.0.7:alpha
tor	tor	0.2.0.8:alpha
tor	tor	0.2.0.9:alpha
tor	tor	0.2.0.10:alpha
tor	tor	0.2.0.11:alpha
tor	tor	0.2.0.12:alpha
tor	tor	0.2.0.13:alpha
tor	tor	0.2.0.14:alpha
tor	tor	0.2.0.15:alpha
tor	tor	0.2.0.16:alpha
tor	tor	0.2.0.17:alpha
tor	tor	0.2.0.18:alpha
tor	tor	0.2.0.19:alpha
tor	tor	0.2.0.20:alpha
tor	tor	0.2.0.21:alpha
tor	tor	0.2.0.22:alpha
tor	tor	0.2.0.23:alpha
tor	tor	0.2.0.24:alpha
tor	tor	0.2.0.25:alpha
tor	tor	0.2.0.26:alpha
tor	tor	0.2.0.27:alpha
tor	tor	0.2.0.28:alpha
tor	tor	0.2.0.29:alpha
tor	tor	0.2.0.30:alpha
tor	tor	0.2.0.31:alpha
tor	tor	0.2.0.32:alpha