CVE-2009-0939

Tor before 0.2.0.34 treats incomplete IPv4 addresses as valid, which has unknown impact and attack vectors related to "Spec conformance," as demonstrated using 192.168.0.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
10 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:C/I:C/A:C
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 70%
VendorProductVersion
tortor
𝑥
≤ 0.2.0.33
tortor
0.2.0.1:alpha
tortor
0.2.0.2:alpha
tortor
0.2.0.3:alpha
tortor
0.2.0.4:alpha
tortor
0.2.0.5:alpha
tortor
0.2.0.6:alpha
tortor
0.2.0.10:alpha
tortor
0.2.0.11:alpha
tortor
0.2.0.12:alpha
tortor
0.2.0.13:alpha
tortor
0.2.0.14:alpha
tortor
0.2.0.15:alpha
tortor
0.2.0.16:alpha
tortor
0.2.0.17:alpha
tortor
0.2.0.18:alpha
tortor
0.2.0.19:alpha
tortor
0.2.0.20:alpha
tortor
0.2.0.21:alpha
tortor
0.2.0.22:alpha
tortor
0.2.0.23:alpha
tortor
0.2.0.24:alpha
tortor
0.2.0.25:alpha
tortor
0.2.0.26:alpha
tortor
0.2.0.27:alpha
tortor
0.2.0.28:alpha
tortor
0.2.0.29:alpha
tortor
0.2.0.30:alpha
tortor
0.2.0.31:alpha
tortor
0.2.0.32:alpha
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
tor
bullseye
0.4.5.16-1
fixed
bullseye (security)
0.4.5.16-1
fixed
bookworm
0.4.7.16-1
fixed
bookworm (security)
0.4.7.16-1
fixed
sid
0.4.8.13-2
fixed
trixie
0.4.8.13-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
tor
karmic
dne
jaunty
dne
intrepid
not-affected
hardy
not-affected
gutsy
ignored
dapper
ignored
References
http://archives.seul.org/or/announce/Feb-2009/msg00000.html
http://secunia.com/advisories/33880
http://secunia.com/advisories/34583
http://security.gentoo.org/glsa/glsa-200904-11.xml
http://www.securityfocus.com/bid/33713
http://archives.seul.org/or/announce/Feb-2009/msg00000.html
http://secunia.com/advisories/33880
http://secunia.com/advisories/34583
http://security.gentoo.org/glsa/glsa-200904-11.xml
http://www.securityfocus.com/bid/33713