2017-10-16 12:31:07 -04:00
{
2019-03-17 22:38:22 +00:00
"CVE_data_meta" : {
"ASSIGNER" : "security@debian.org" ,
"ID" : "CVE-2017-0377" ,
"STATE" : "PUBLIC"
} ,
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Tor" ,
"version" : {
"version_data" : [
{
"version_value" : "Tor"
}
]
}
}
]
} ,
"vendor_name" : "n/a"
}
]
}
} ,
"data_format" : "MITRE" ,
"data_type" : "CVE" ,
"data_version" : "4.0" ,
"description" : {
"description_data" : [
2017-10-16 12:31:07 -04:00
{
2019-03-17 22:38:22 +00:00
"lang" : "eng" ,
"value" : "Tor 0.3.x before 0.3.0.9 has a guard-selection algorithm that only considers the exit relay (not the exit relay's family), which might allow remote attackers to defeat intended anonymity properties by leveraging the existence of large families."
2017-10-16 12:31:07 -04:00
}
2019-03-17 22:38:22 +00:00
]
} ,
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng" ,
"value" : "privacy bypass"
}
]
}
]
} ,
"references" : {
"reference_data" : [
{
"name" : "https://trac.torproject.org/projects/tor/ticket/22753" ,
"refsource" : "CONFIRM" ,
"url" : "https://trac.torproject.org/projects/tor/ticket/22753"
} ,
{
"name" : "https://security-tracker.debian.org/CVE-2017-0377" ,
"refsource" : "CONFIRM" ,
"url" : "https://security-tracker.debian.org/CVE-2017-0377"
} ,
{
"name" : "https://blog.torproject.org/blog/tor-0309-released-security-update-clients" ,
"refsource" : "CONFIRM" ,
"url" : "https://blog.torproject.org/blog/tor-0309-released-security-update-clients"
} ,
{
"name" : "https://blog.torproject.org/blog/tor-0314-alpha-released-security-update-clients" ,
"refsource" : "CONFIRM" ,
"url" : "https://blog.torproject.org/blog/tor-0314-alpha-released-security-update-clients"
} ,
{
"name" : "https://github.com/torproject/tor/commit/665baf5ed5c6186d973c46cdea165c0548027350" ,
"refsource" : "CONFIRM" ,
"url" : "https://github.com/torproject/tor/commit/665baf5ed5c6186d973c46cdea165c0548027350"
}
]
}
}
