CVE-2026-44597

EUVD-2026-28231
Tor before 0.4.9.7 has an out-of-bounds read when an END, a TRUNCATE, or a TRUNCATED cell lacks a reason in its payload, aka TROVE-2026-011.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
3.7 LOW
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 35%
Affected Products (NVD)
VendorProductVersion
torprojecttor
𝑥
< 0.4.9.7
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
tor
bookworm
0.4.9.8-0+deb12u1
fixed
bookworm (security)
0.4.9.8-0+deb12u1
fixed
bullseye
vulnerable
bullseye (security)
vulnerable
forky
0.4.9.8-1
fixed
sid
0.4.9.9-1
fixed
trixie
0.4.9.8-0+deb13u1
fixed
trixie (security)
0.4.9.8-0+deb13u1
fixed
Common Weakness Enumeration
References
https://forum.torproject.org/c/news/tor-release-announcement/28
https://gitlab.torproject.org/tpo/core/tor/-/commit/8f98054b1982d00a14639864d03e9afd90b87481
https://gitlab.torproject.org/tpo/core/tor/-/work_items/41254
https://www.openwall.com/lists/oss-security/2026/05/06/8