Home > Vulnerability Database > CVE-2017-8822

Mend.io Vulnerability Database

CVE-2017-8822

Date: December 3, 2017

In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, relays (that have incompletely downloaded descriptors) can pick themselves in a circuit path, leading to a degradation of anonymity, aka TROVE-2017-012.

Language: C

Severity Score

3.7

Related Resources (8)

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2017-8822

Url: https://bugs.torproject.org/24333

Url: https://www.debian.org/security/2017/dsa-4054

Url: https://nvd.nist.gov/vuln/detail/CVE-2017-8822

Url: https://bugs.torproject.org/21534

Url: https://blog.torproject.org/new-stable-tor-releases-security-fixes-0319-03013-02914-02817-02516

Url: https://security-tracker.debian.org/tracker/CVE-2017-8822

Url: https://www.mend.io/vulnerability-database/CVE-2017-8822

Severity Score

3.7

Weakness Type (CWE)

Channel and Path Errors

CWE-417

CVSS v3.1

Base Score:	3.7
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	4.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2017-8822

Date: December 3, 2017

Language: C

Severity Score

Related Resources (8)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?