CVE-2009-2426
EPSS 0.70%
Description
The connection_edge_process_relay_cell_not_open function in src/or/relay.c in Tor 0.2.x before 0.2.0.35 and 0.1.x before 0.1.2.8-beta allows exit relays to have an unspecified impact by causing controllers to accept DNS responses that redirect to an internal IP address via unknown vectors. NOTE: some of these details are obtained from third party information.
How to fix CVE-2009-2426
To remediate CVE-2009-2426, upgrade the affected package to a fixed version below.
- Debian/tor—upgrade to 0.2.0.35-1 or later
Is CVE-2009-2426 being exploited?
Low — EPSS is 0.7%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 0.2.0.35-1