CVE-2020-8516

** DISPUTED ** The daemon in Tor through 0.4.1.8 and 0.4.2.x through 0.4.2.6 does not verify that a rendezvous node is known before attempting to connect to it, which might make it easier for remote attackers to discover circuit information. NOTE: The network team of Tor claims this is an intended behavior and not a vulnerability.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:torproject:tor:*:*:*:*:*:*:*:*
cpe:2.3:a:torproject:tor:*:*:*:*:*:*:*:*

History

18 Apr 2022, 14:30

Type Values Removed Values Added
CWE CWE-200 NVD-CWE-noinfo
References (MISC) https://security-tracker.debian.org/tracker/CVE-2020-8516 - (MISC) https://security-tracker.debian.org/tracker/CVE-2020-8516 - Third Party Advisory
References (MISC) https://trac.torproject.org/projects/tor/ticket/33129 - (MISC) https://trac.torproject.org/projects/tor/ticket/33129 - Issue Tracking, Vendor Advisory
References (MISC) https://lists.torproject.org/pipermail/tor-dev/2020-February/014147.html - (MISC) https://lists.torproject.org/pipermail/tor-dev/2020-February/014147.html - Mailing List, Vendor Advisory
References (MISC) https://lists.torproject.org/pipermail/tor-dev/2020-February/014146.html - (MISC) https://lists.torproject.org/pipermail/tor-dev/2020-February/014146.html - Mailing List, Vendor Advisory

Information

Published : 2020-02-02 13:15

Updated : 2024-08-04 10:15


NVD link : CVE-2020-8516

Mitre link : CVE-2020-8516

CVE.ORG link : CVE-2020-8516


JSON object : View

Products Affected

torproject

  • tor