← Back

CVE-2021-28090

nvd nist
Published: Mar 19, 2021Modified: Nov 21, 2024

JSON object

Loading...
5.3
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Exploitability: 3.9 / Impact: 1.4
Source: NVD

Description

Tor before 0.4.5.7 allows a remote attacker to cause Tor directory authorities to exit with an assertion failure, aka TROVE-2021-002.

Affected (8)

Torproject
1 product
Tor
Fedoraproject
1 product
Fedora
Configuration A
7 vulnerable
Vulnerable SoftwareAffected Versions
Torproject
Tor
Before 0.3.5.14
Tor
From 0.4.4.4 to 0.4.4.8
Tor
From 0.4.5.0 to 0.4.5.7
Tor
Version 0.4.4.0 alpha
Tor
Version 0.4.4.1 alpha
Tor
Version 0.4.4.2 alpha
Tor
Version 0.4.4.3 alpha
Configuration B
1 vulnerable
Vulnerable SoftwareAffected Versions
Fedora
Version 33

Related CWEs

CWE-617
Reachable Assertion
The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

References (10)

Source: cve@mitre.org
Release NotesVendor Advisory
Source: cve@mitre.org
Vendor Advisory
Source: cve@mitre.org
Vendor Advisory
Source: cve@mitre.org
Source: cve@mitre.org
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Release NotesVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.