Shodan
Vulnerabilities
Vulnerable Software
Torproject:  >> Tor  >> 0.3.5.15  Security Vulnerabilities
CVE-2026-44601
Tor before 0.4.9.7, when circuit queue memory pressure exists, can experience a client crash because of a double close of a circuit, aka TROVE-2026-009.
CVSS Score
3.7
EPSS Score
0.001
Published
2026-05-07
CVE-2026-44602
Tor before 0.4.9.7 has a NULL pointer dereference when a CERT cell is received out of order, aka TROVE-2026-006.
CVSS Score
3.7
EPSS Score
0.001
Published
2026-05-07
CVE-2026-44603
Tor before 0.4.9.7 has an out-of-bounds read by one byte via a malformed BEGIN cell, aka TROVE-2026-007.
CVSS Score
3.7
EPSS Score
0.001
Published
2026-05-07
CVE-2026-44600
Tor before 0.4.9.7 mishandles accounting of the conflux out-of-order queue during the clearing of a queue, aka TROVE-2026-010.
CVSS Score
3.7
EPSS Score
0.0
Published
2026-05-07
CVE-2026-44599
Tor before 0.4.9.7 can attempt or accept BEGIN_DIR via conflux legs, aka TROVE-2026-008.
CVSS Score
3.7
EPSS Score
0.0
Published
2026-05-07
CVE-2026-44597
Tor before 0.4.9.7 has an out-of-bounds read when an END, a TRUNCATE, or a TRUNCATED cell lacks a reason in its payload, aka TROVE-2026-011.
CVSS Score
3.7
EPSS Score
0.0
Published
2026-05-07
CVE-2023-23589
The SafeSocks option in Tor before 0.4.7.13 has a logic error in which the unsafe SOCKS4 protocol can be used but not the safe SOCKS4a protocol, aka TROVE-2022-002.
CVSS Score
6.5
EPSS Score
0.008
Published
2023-01-14
CVE-2021-38385
Tor before 0.3.5.16, 0.4.5.10, and 0.4.6.7 mishandles the relationship between batch-signature verification and single-signature verification, leading to a remote assertion failure, aka TROVE-2021-007.
CVSS Score
7.5
EPSS Score
0.006
Published
2021-08-30
CVE-2020-8516
The daemon in Tor through 0.4.1.8 and 0.4.2.x through 0.4.2.6 does not verify that a rendezvous node is known before attempting to connect to it, which might make it easier for remote attackers to discover circuit information. NOTE: The network team of Tor claims this is an intended behavior and not a vulnerability
CVSS Score
5.3
EPSS Score
0.013
Published
2020-02-02
CVE-2017-16541
Tor Browser before 7.0.9 on macOS and Linux allows remote attackers to bypass the intended anonymity feature and discover a client IP address via vectors involving a crafted web site that leverages file:// mishandling in Firefox, aka TorMoil. NOTE: Tails is unaffected.
CVSS Score
6.5
EPSS Score
0.077
Published
2017-11-04


Products
Pricing
Contact Us

Shodan ® - All rights reserved