Shodan
Vulnerabilities
Vulnerable Software
Torproject:  >> Tor  >> 0.2.2.35  Security Vulnerabilities
CVE-2026-44601
Tor before 0.4.9.7, when circuit queue memory pressure exists, can experience a client crash because of a double close of a circuit, aka TROVE-2026-009.
CVSS Score
3.7
EPSS Score
0.001
Published
2026-05-07
CVE-2026-44602
Tor before 0.4.9.7 has a NULL pointer dereference when a CERT cell is received out of order, aka TROVE-2026-006.
CVSS Score
3.7
EPSS Score
0.001
Published
2026-05-07
CVE-2026-44603
Tor before 0.4.9.7 has an out-of-bounds read by one byte via a malformed BEGIN cell, aka TROVE-2026-007.
CVSS Score
3.7
EPSS Score
0.001
Published
2026-05-07
CVE-2026-44600
Tor before 0.4.9.7 mishandles accounting of the conflux out-of-order queue during the clearing of a queue, aka TROVE-2026-010.
CVSS Score
3.7
EPSS Score
0.0
Published
2026-05-07
CVE-2026-44599
Tor before 0.4.9.7 can attempt or accept BEGIN_DIR via conflux legs, aka TROVE-2026-008.
CVSS Score
3.7
EPSS Score
0.0
Published
2026-05-07
CVE-2026-44597
Tor before 0.4.9.7 has an out-of-bounds read when an END, a TRUNCATE, or a TRUNCATED cell lacks a reason in its payload, aka TROVE-2026-011.
CVSS Score
3.7
EPSS Score
0.0
Published
2026-05-07
CVE-2023-23589
The SafeSocks option in Tor before 0.4.7.13 has a logic error in which the unsafe SOCKS4 protocol can be used but not the safe SOCKS4a protocol, aka TROVE-2022-002.
CVSS Score
6.5
EPSS Score
0.008
Published
2023-01-14
CVE-2021-38385
Tor before 0.3.5.16, 0.4.5.10, and 0.4.6.7 mishandles the relationship between batch-signature verification and single-signature verification, leading to a remote assertion failure, aka TROVE-2021-007.
CVSS Score
7.5
EPSS Score
0.006
Published
2021-08-30
CVE-2021-34549
An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-005. Hashing is mishandled for certain retrieval of circuit data. Consequently. an attacker can trigger the use of an attacker-chosen circuit ID to cause algorithm inefficiency.
CVSS Score
7.5
EPSS Score
0.006
Published
2021-06-29
CVE-2021-34550
An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-006. The v3 onion service descriptor parsing allows out-of-bounds memory access, and a client crash, via a crafted onion service descriptor
CVSS Score
7.5
EPSS Score
0.008
Published
2021-06-29


Products
Pricing
Contact Us

Shodan ® - All rights reserved