pkg:Debian/tor
125 total CVEs: CRITICAL 2, HIGH 42, MEDIUM 9, LOW 1
All known vulnerabilities
- CRITICAL 9.1 CVE-2026-44603: Tor before 0.4.9.7 has an out-of-bounds read by one byte via a malformed BEGIN cell, aka TROVE-2026-007. (from 0)
- CRITICAL 9.1 CVE-2026-44597: Tor before 0.4.9.7 has an out-of-bounds read when an END, a TRUNCATE, or a TRUNCATED cell lacks a reason in its payload, aka TROVE-2026-011. (from 0)
- HIGH 8.1 CVE-2017-8823: In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, there… (from 0, < 0.3.1.9-1)
- HIGH 7.5 CVE-2026-44602: Tor before 0.4.9.7 has a NULL pointer dereference when a CERT cell is received out of order, aka TROVE-2026-006. (from 0)
- HIGH 7.5 CVE-2026-44601: Tor before 0.4.9.7, when circuit queue memory pressure exists, can experience a client crash because of a double close of a circuit, aka TR… (from 0)
- HIGH 7.5 CVE-2022-33903: Tor 0.4.7.x before 0.4.7.8 allows a denial of service via the wedging of RTT estimation. (from 0, < 0.4.7.8-1)
- from 0, < 0.3.5.16-1
- from 0, < 0.4.5.10-1~deb11u1
- from 0, < 0.4.5.9-1
- from 0, < 0.4.5.9-1
- from 0, < 0.4.5.9-1
- from 0, < 0.3.5.15-1
- from 0, < 0.3.5.14-1
- from 0, < 0.4.5.7-1
- HIGH 7.5 CVE-2020-15572: Tor before 0.4.3.6 has an out-of-bounds memory access that allows a remote denial-of-service (crash) attack against Tor instances built to… (from 0, < 0.4.3.6-1)
- HIGH 7.5 CVE-2020-10593: Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 allows remote attackers to cause a Denial of Service (memory leak), a… (from 0, < 0.4.2.7-1)
- from 0, < 0.3.5.10-1
- from 0, < 0.4.2.7-1
- HIGH 7.5 CVE-2015-2929: The Hidden Service (HS) client implementation in Tor before 0.2.4.27, 0.2.5.x before 0.2.5.12, and 0.2.6.x before 0.2.6.7 allows remote ser… (from 0, < 0.2.5.12-1)
- from 0, < 0.2.4.27-1~deb6u1
- from 0, < 0.2.4.27-1
- from 0, < 0.2.5.12-1
- HIGH 7.5 CVE-2015-2689: Tor before 0.2.4.26 and 0.2.5.x before 0.2.5.11 does not properly handle pending-connection resolve states during periods of high DNS load,… (from 0, < 0.2.5.11-1)
- from 0, < 0.2.5.11-1
- from 0, < 0.2.4.26-1
- from 0, < 0.2.4.26-1~deb6u1
- HIGH 7.5 CVE-2019-8955: In Tor before 0.3.3.12, 0.3.4.x before 0.3.4.11, 0.3.5.x before 0.3.5.8, and 0.4.x before 0.4.0.2-alpha, remote denial of service against T… (from 0, < 0.3.5.8-1)
- from 0, < 0.3.2.10-1
- from 0, < 0.2.9.15-1
- from 0, < 0.3.2.10-1
- from 0, < 0.2.9.8-2
- from 0, < 0.2.4.27-3
- from 0, < 0.2.5.12-4
- HIGH 7.5 CVE-2017-8821: In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, an att… (from 0, < 0.3.1.9-1)
- HIGH 7.5 CVE-2017-8820: In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, remote… (from 0, < 0.3.1.9-1)
- from 0, < 0.3.1.9-1
- from 0, < 0.2.5.16-1
- HIGH 7.5 CVE-2017-11565: debian/tor.init in the Debian tor_0.2.9.11-1~deb9u1 package for Tor was designed to execute aa-exec from the standard system pathname if th… (from 0, < 0.3.1.7-1)
- from 0, < 0.2.5.14-1
- from 0, < 0.2.4.29-1
- from 0, < 0.2.9.11-1
- from 0, < 0.2.4.27-2
- from 0, < 0.2.8.9-1
- from 0, < 0.2.5.12-3
- from 0, < 0.4.5.16-1
- from 0, < 0.4.5.16-1
- from 0, < 0.3.5.16-1+deb10u1
- from 0, < 0.2.9.12-1
- from 0, < 0.3.1.7-1
- MEDIUM 5.3 CVE-2026-44600: Tor before 0.4.9.7 mishandles accounting of the conflux out-of-order queue during the clearing of a queue, aka TROVE-2026-010. (from 0)
- MEDIUM 5.3 CVE-2026-44599: Tor before 0.4.9.7 can attempt or accept BEGIN_DIR via conflux legs, aka TROVE-2026-008. (from 0)
- MEDIUM 5.3 CVE-2021-28090: Tor before 0.4.5.7 allows a remote attacker to cause Tor directory authorities to exit with an assertion failure, aka TROVE-2021-002. (from 0, < 0.4.5.7-1)
- MEDIUM 5.3 CVE-2020-8516: The daemon in Tor through 0.4.1.8 and 0.4.2.x through 0.4.2.6 does not verify that a rendezvous node is known before attempting to connect… (from 0)
- LOW 3.7 CVE-2017-8822: In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, relays… (from 0, < 0.3.1.9-1)
- from 0
- from 0, < 0.2.4.23-1
- from 0, < 0.2.4.23-1~deb7u1
- — CVE-2012-2250: Tor before 0.2.3.24-rc allows remote attackers to cause a denial of service (assertion failure and daemon exit) by performing link protocol… (from 0, < 0.2.3.24-rc-1)
- from 0, < 0.2.4.23-1~deb6u1
- from 0, < 0.2.3.23-rc-1
- — CVE-2013-7295: Tor before 0.2.4.20, when OpenSSL 1.x is used in conjunction with a certain HardwareAccel setting on Intel Sandy Bridge and Ivy Bridge plat… (from 0, < 0.2.4.20-1)
- — CVE-2012-5573: The connection_edge_process_relay_cell function in or/relay.c in Tor before 0.2.3.25 maintains circuits even if an unexpected SENDME cell a… (from 0, < 0.2.3.25-1)
- — CVE-2012-4922: The tor_timegm function in common/util.c in Tor before 0.2.2.39, and 0.2.3.x before 0.2.3.22-rc, does not properly validate time values, wh… (from 0, < 0.2.3.22-rc-1)
- — CVE-2012-4419: The compare_tor_addr_to_addr_policy function in or/policies.c in Tor before 0.2.2.39, and 0.2.3.x before 0.2.3.21-rc, allows remote attacke… (from 0, < 0.2.3.22-rc-1)
- — CVE-2012-3519: routerlist.c in Tor before 0.2.2.38 uses a different amount of time for relay-list iteration depending on which relay is chosen, which migh… (from 0, < 0.2.3.20-rc-1)
- from 0, < 0.2.3.20-rc-1
- from 0, < 0.2.2.39-1
- — CVE-2012-3517: Use-after-free vulnerability in dns.c in Tor before 0.2.2.38 might allow remote attackers to cause a denial of service (daemon crash) via v… (from 0, < 0.2.3.20-rc-1)
- — CVE-2011-4897: Tor before 0.2.2.25-alpha, when configured as a relay without the Nickname configuration option, uses the local hostname as the Nickname va… (from 0, < 0.2.2.27-beta-1)
- — CVE-2011-4896: Tor before 0.2.2.24-alpha continues to use a reachable bridge that was previously configured but is not currently configured, which might a… (from 0, < 0.2.2.27-beta-1)
- — CVE-2011-4895: Tor before 0.2.2.34, when configured as a bridge, sets up circuits through a process different from the process used by a client, which mak… (from 0, < 0.2.2.34-1)
- — CVE-2011-4894: Tor before 0.2.2.34, when configured as a bridge, uses direct DirPort access instead of a Tor TLS connection for a directory fetch, which m… (from 0, < 0.2.2.34-1)
- from 0, < 0.2.2.35-1
- from 0, < 0.2.2.35-1~squeeze+1
- — CVE-2011-2769: Tor before 0.2.2.34, when configured as a bridge, accepts the CREATE and CREATE_FAST values in the Command field of a cell within an OR con… (from 0, < 0.2.2.34-1)
- from 0, < 0.2.1.31-1
- from 0, < 0.2.2.34-1
- — CVE-2011-1924: Buffer overflow in the policy_summarize function in or/policies.c in Tor before 0.2.1.30 allows remote attackers to cause a denial of servi… (from 0, < 0.2.1.30-1)
- — CVE-2011-0493: Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha might allow remote attackers to cause a denial of service (assertion failure and daem… (from 0, < 0.2.1.29-1)
- — CVE-2011-0492: Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha allows remote attackers to cause a denial of service (assertion failure and daemon ex… (from 0, < 0.2.1.29-1)
- — CVE-2011-0491: The tor_realloc function in Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha does not validate a certain size value during memory allo… (from 0, < 0.2.1.29-1)
- — CVE-2011-0490: Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha makes calls to Libevent within Libevent log handlers, which might allow remote attack… (from 0, < 0.2.1.29-1)
- — CVE-2011-0427: Heap-based buffer overflow in Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha allows remote attackers to cause a denial of service (m… (from 0, < 0.2.1.29-1)
- — CVE-2011-0016: Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha does not properly manage key data in memory, which might allow local users to obtain… (from 0, < 0.2.1.29-1)
- from 0, < 0.2.1.29-1~lenny+1
- from 0, < 0.2.1.29-1
- from 0, < 0.2.1.26-1~lenny+4
- from 0, < 0.2.1.26-6
- — CVE-2010-0385: Tor before 0.2.1.22, and 0.2.2.x before 0.2.2.7-alpha, when functioning as a bridge directory authority, allows remote attackers to obtain… (from 0, < 0.2.1.22-1)
- — CVE-2010-0383: Tor before 0.2.1.22, and 0.2.2.x before 0.2.2.7-alpha, uses deprecated identity keys for certain directory authorities, which makes it easi… (from 0, < 0.2.1.22-1)
- — CVE-2009-2426: The connection_edge_process_relay_cell_not_open function in src/or/relay.c in Tor 0.2.x before 0.2.0.35 and 0.1.x before 0.1.2.8-beta allow… (from 0, < 0.2.0.35-1)
- — CVE-2009-2425: Tor before 0.2.0.35 allows remote attackers to cause a denial of service (application crash) via a malformed router descriptor. (from 0, < 0.2.0.35-1)
- — CVE-2009-0939: Tor before 0.2.0.34 treats incomplete IPv4 addresses as valid, which has unknown impact and attack vectors related to "Spec conformance," a… (from 0, < 0.2.0.34-1)
- — CVE-2009-0938: Unspecified vulnerability in Tor before 0.2.0.34 allows directory mirrors to cause a denial of service (exit node crash) via "malformed inp… (from 0, < 0.2.0.34-1)
- — CVE-2009-0937: Unspecified vulnerability in Tor before 0.2.0.34 allows directory mirrors to cause a denial of service via unknown vectors. (from 0, < 0.2.0.34-1)
- — CVE-2009-0936: Unspecified vulnerability in Tor before 0.2.0.34 allows attackers to cause a denial of service (infinite loop) via "corrupt votes." (from 0, < 0.2.0.34-1)
- — CVE-2009-0654: Tor 0.2.0.28, and probably 0.2.0.34 and earlier, allows remote attackers, with control of an entry router and an exit router, to confirm th… (from 0)
- — CVE-2009-0414: Unspecified vulnerability in Tor before 0.2.0.33 has unspecified impact and remote attack vectors that trigger heap corruption. (from 0, < 0.2.0.33-1)
- — CVE-2008-5398: Tor before 0.2.0.32 does not properly process the ClientDNSRejectInternalAddresses configuration option in situations where an exit relay i… (from 0, < 0.2.0.32-1)
- — CVE-2008-5397: Tor before 0.2.0.32 does not properly process the (1) User and (2) Group configuration options, which might allow local users to gain privi… (from 0, < 0.2.0.32-1)
- — CVE-2007-4174: Tor before 0.1.2.16, when ControlPort is enabled, does not properly restrict commands to localhost port 9051, which allows remote attackers… (from 0, < 0.1.2.16-1)
- — CVE-2007-4098: Tor before 0.1.2.15 does not properly distinguish "streamids from different exits," which might allow remote attackers with control over To… (from 0, < 0.1.2.15-1)
- — CVE-2007-4096: Buffer overflow in Tor before 0.1.2.15, when using BSD natd support, allows remote attackers to cause a denial of service via unspecified v… (from 0, < 0.1.2.15-1)
- — CVE-2007-4099: Tor before 0.1.2.15 can select a guard node beyond the first listed never-before-connected-to guard node, which allows remote attackers wit… (from 0, < 0.1.2.15-1)
- — CVE-2007-4097: Tor before 0.1.2.15 sends "destroy cells" containing the reason for tearing down a circuit, which allows remote attackers to obtain sensiti… (from 0, < 0.1.2.15-1)
- — CVE-2007-3165: Tor before 0.1.2.14 can construct circuits in which an entry guard is in the same family as the exit node, which might compromise the anony… (from 0, < 0.1.2.14-1)
- — CVE-2007-1103: Tor does not verify a node's uptime and bandwidth advertisements, which allows remote attackers who operate a low resource node to make fal… (from 0)
- — CVE-2006-6893: Tor allows remote attackers to discover the IP address of a hidden service by accessing this service at a high rate, thereby changing the s… (from 0)
- — CVE-2006-4508: Unspecified vulnerability in (1) Tor 0.1.0.x before 0.1.0.18 and 0.1.1.x before 0.1.1.23, and (2) ScatterChat before 1.0.2, allows remote a… (from 0, < 0.1.1.23-1)
- — CVE-2006-3414: Tor before 0.1.1.20 supports server descriptors that contain hostnames instead of IP addresses, which allows remote attackers to arbitraril… (from 0, < 0.1.1.20-1)
- — CVE-2006-3411: TLS handshakes in Tor before 0.1.1.20 generate public-private keys based on TLS context rather than the connection, which makes it easier f… (from 0, < 0.1.1.20-1)
- — CVE-2006-3418: Tor before 0.1.1.20 does not validate that a server descriptor's fingerprint line matches its identity key, which allows remote attackers t… (from 0, < 0.1.1.20-1)
- — CVE-2006-3410: Tor before 0.1.1.20 creates "internal circuits" primarily consisting of nodes with "useful exit nodes," which allows remote attackers to co… (from 0, < 0.1.1.20-1)
- — CVE-2006-3409: Integer overflow in Tor before 0.1.1.20 allows remote attackers to execute arbitrary code via crafted large inputs, which result in a buffe… (from 0, < 0.1.1.20-1)
- — CVE-2006-3415: Tor before 0.1.1.20 uses improper logic to validate the "OR" destination, which allows remote attackers to perform a man-in-the-middle (MIT… (from 0, < 0.1.1.20-1)
- — CVE-2006-3413: The privoxy configuration file in Tor before 0.1.1.20, when run on Apple OS X, logs all data via the "logfile", which allows attackers to o… (from 0, < 0.1.1.20-1)
- — CVE-2006-3419: Tor before 0.1.1.20 uses OpenSSL pseudo-random bytes (RAND_pseudo_bytes) instead of cryptographically strong RAND_bytes, and seeds the entr… (from 0, < 0.1.1.20-1)
- — CVE-2006-3408: Unspecified vulnerability in the directory server (dirserver) in Tor before 0.1.1.20 allows remote attackers to cause an unspecified denial… (from 0, < 0.1.1.20-1)
- — CVE-2006-3407: Tor before 0.1.1.20 allows remote attackers to spoof log entries or possibly execute shell code via strings with non-printable characters. (from 0, < 0.1.1.20-1)
- — CVE-2006-3417: Tor client before 0.1.1.20 prefers entry points based on is_fast or is_stable flags, which could allow remote attackers to be preferred ove… (from 0, < 0.1.1.20-1)
- — CVE-2006-3412: Tor before 0.1.1.20 does not sufficiently obey certain firewall options, which allows remote attackers to bypass intended access restrictio… (from 0, < 0.1.1.20-1)
- — CVE-2006-3416: Tor before 0.1.1.20 kills the circuit when it receives an unrecognized relay command, which causes network circuits to be disbanded. (from 0, < 0.1.1.20-1)
- — CVE-2006-0414: Tor before 0.1.1.20 allows remote attackers to identify hidden services via a malicious Tor server that attempts a large number of accesses… (from 0, < 0.1.1.11-alpha-1)
- — CVE-2005-2643: Tor 0.1.0.13 and earlier, and experimental versions 0.1.1.4-alpha and earlier, does not reject certain weak keys when using ephemeral Diffi… (from 0, < 0.1.0.14-1)
- — CVE-2005-2050: Unknown vulnerability in Tor before 0.1.0.10 allows remote attackers to read arbitrary memory and possibly key information from the exit se… (from 0, < 0.0.9.10-1)