CVE-2009-0939

EUVD-2009-0936
Tor before 0.2.0.34 treats incomplete IPv4 addresses as valid, which has unknown impact and attack vectors related to "Spec conformance," as demonstrated using 192.168.0.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
10 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 70%
Affected Products (NVD)
VendorProductVersion
tortor
𝑥
≤ 0.2.0.33
tortor
0.2.0.1:alpha
tortor
0.2.0.2:alpha
tortor
0.2.0.3:alpha
tortor
0.2.0.4:alpha
tortor
0.2.0.5:alpha
tortor
0.2.0.6:alpha
tortor
0.2.0.10:alpha
tortor
0.2.0.11:alpha
tortor
0.2.0.12:alpha
tortor
0.2.0.13:alpha
tortor
0.2.0.14:alpha
tortor
0.2.0.15:alpha
tortor
0.2.0.16:alpha
tortor
0.2.0.17:alpha
tortor
0.2.0.18:alpha
tortor
0.2.0.19:alpha
tortor
0.2.0.20:alpha
tortor
0.2.0.21:alpha
tortor
0.2.0.22:alpha
tortor
0.2.0.23:alpha
tortor
0.2.0.24:alpha
tortor
0.2.0.25:alpha
tortor
0.2.0.26:alpha
tortor
0.2.0.27:alpha
tortor
0.2.0.28:alpha
tortor
0.2.0.29:alpha
tortor
0.2.0.30:alpha
tortor
0.2.0.31:alpha
tortor
0.2.0.32:alpha
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
tor
bookworm
0.4.7.16-1
fixed
bookworm (security)
0.4.7.16-1
fixed
bullseye
0.4.5.16-1
fixed
bullseye (security)
0.4.5.16-1
fixed
sid
0.4.8.13-2
fixed
trixie
0.4.8.13-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
tor
dapper
ignored
gutsy
ignored
hardy
not-affected
intrepid
not-affected
jaunty
dne
karmic
dne
References
http://archives.seul.org/or/announce/Feb-2009/msg00000.html
http://secunia.com/advisories/33880
http://secunia.com/advisories/34583
http://security.gentoo.org/glsa/glsa-200904-11.xml
http://www.securityfocus.com/bid/33713
http://archives.seul.org/or/announce/Feb-2009/msg00000.html
http://secunia.com/advisories/33880
http://secunia.com/advisories/34583
http://security.gentoo.org/glsa/glsa-200904-11.xml
http://www.securityfocus.com/bid/33713