CVE-2021-46702

Published: Feb 26, 2022Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

Tor Browser 9.0.7 on Windows 10 build 10586 is vulnerable to information disclosure. This could allow local attackers to bypass the intended anonymity feature and obtain information regarding the onion services visited by a local user. This can be accomplished by analyzing RAM memory even several hours after the local user used the product. This occurs because the product doesn't properly free memory.

Affected (1)

Products: Torproject: Tor

1 product

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Torproject Tor	Version 9.0.7

Running on/with	Platform Versions
Microsoft Windows	All versions

Related CWEs

Improper Resource Shutdown or Release

The product does not release or incorrectly releases a resource before it is made available for re-use.

References (2)

https://www.sciencedirect.com/science/article/pii/S0167404821001358

Source: cve@mitre.org

Technical DescriptionThird Party Advisory

https://www.sciencedirect.com/science/article/pii/S0167404821001358

Source: af854a3a-2127-422b-91ae-364da2661108

Technical DescriptionThird Party Advisory

Timeline

No history available yet.