CVE-2009-0654

Tor 0.2.0.28, and probably 0.2.0.34 and earlier, allows remote attackers, with control of an entry router and an exit router, to confirm that a sender and receiver are communicating via vectors involving (1) replaying, (2) modifying, (3) inserting, or (4) deleting a single cell, and then observing cell recognition errors at the exit router.  NOTE: the vendor disputes the significance of this issue, noting that the product's design "accepted end-to-end correlation as an attack that is too expensive to solve."
Severity: UNKNOWN
AV:N/AC:H/Au:N/C:P/I:P/A:P
Atk. Vector: NETWORK
Atk. Complexity: HIGH
Base Score
CVSS 3.x
EPSS Score
Percentile: 82%
Vendor  Product  Version
tor     tor      𝑥 ≤ 0.2.0.34
tor     tor      0.2.0.1
tor     tor      0.2.0.2
tor     tor      0.2.0.3
tor     tor      0.2.0.4
tor     tor      0.2.0.5
tor     tor      0.2.0.6
tor     tor      0.2.0.7
tor     tor      0.2.0.8
tor     tor      0.2.0.9
tor     tor      0.2.0.10
tor     tor      0.2.0.11
tor     tor      0.2.0.12
tor     tor      0.2.0.13
tor     tor      0.2.0.14
tor     tor      0.2.0.15
tor     tor      0.2.0.16
tor     tor      0.2.0.17
tor     tor      0.2.0.18
tor     tor      0.2.0.19
tor     tor      0.2.0.20
tor     tor      0.2.0.21
tor     tor      0.2.0.22
tor     tor      0.2.0.23
tor     tor      0.2.0.24
tor     tor      0.2.0.25
tor     tor      0.2.0.26
tor     tor      0.2.0.27
tor     tor      0.2.0.28
tor     tor      0.2.0.29
tor     tor      0.2.0.30
tor     tor      0.2.0.31
tor     tor      0.2.0.32

𝑥 = Vulnerable software versions
Debian Releases

Debian Product  Codename             Status
tor             bullseye (security)  vulnerable
tor             bullseye             vulnerable
tor             bookworm             vulnerable
tor             bookworm (security)  vulnerable
tor             sid                  vulnerable
tor             trixie               vulnerable
Ubuntu Releases

Ubuntu Product  Codename  Status
tor             oneiric   not-affected
tor             natty     not-affected
tor             maverick  dne
tor             lucid     dne
tor             karmic    dne
tor             jaunty    dne
tor             intrepid  ignored
tor             hardy     ignored
tor             gutsy     ignored
tor             dapper    ignored