CVE-2009-0654

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2009-0654

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2009-0654.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2009-0654

Published

2009-02-20T19:30:00Z

Modified

2025-01-08T03:22:20.265905Z

Summary

[none]

Details

Tor 0.2.0.28, and probably 0.2.0.34 and earlier, allows remote attackers, with control of an entry router and an exit router, to confirm that a sender and receiver are communicating via vectors involving (1) replaying, (2) modifying, (3) inserting, or (4) deleting a single cell, and then observing cell recognition errors at the exit router. NOTE: the vendor disputes the significance of this issue, noting that the product's design "accepted end-to-end correlation as an attack that is too expensive to solve."

References

Affected packages

Debian:11 / tor

Package

Name: tor
Purl: pkg:deb/debian/tor?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.4.5.9-1

0.4.5.10-1~bpo10+1

0.4.5.10-1~deb11u1

0.4.5.10-1

0.4.5.16-1

0.4.6.2-alpha-1

0.4.6.3-rc-1

0.4.6.4-rc-1

0.4.6.6-1

0.4.6.7-1

0.4.6.8-1~bpo10+2

0.4.6.8-1~bpo11+2

0.4.6.8-1

0.4.6.9-1

0.4.6.10-1~bpo10+1

0.4.6.10-1~bpo11+1

0.4.6.10-1

0.4.7.3-alpha-1

0.4.7.4-alpha-1

0.4.7.5-alpha-1

0.4.7.6-rc-1

0.4.7.7-1~bpo10+1

0.4.7.7-1~bpo11+1

0.4.7.7-1

0.4.7.8-1~bpo10+1

0.4.7.8-1~bpo11+1

0.4.7.8-1

0.4.7.9-1

0.4.7.10-1~bpo10+1

0.4.7.10-1~bpo11+1

0.4.7.10-1

0.4.7.11-1~bpo11+1

0.4.7.11-1

0.4.7.12-1

0.4.7.13-1~bpo11+1

0.4.7.13-1

0.4.7.16-1

0.4.8.4-2

0.4.8.5-1

0.4.8.6-1

0.4.8.7-1

0.4.8.8-1

0.4.8.9-1~bpo11+1

0.4.8.9-1~bpo12+1

0.4.8.9-1

0.4.8.10-1~bpo11+1

0.4.8.10-1~bpo12+1

0.4.8.10-1

0.4.8.11-1~bpo11+1

0.4.8.11-1~bpo12+1

0.4.8.11-1

0.4.8.12-1~bpo11+1

0.4.8.12-1~bpo12+1

0.4.8.12-1

0.4.8.12-1.1

0.4.8.13-1

0.4.8.13-2~bpo12+1

0.4.8.13-2

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:12 / tor

Package

Name: tor
Purl: pkg:deb/debian/tor?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.4.7.13-1

0.4.7.16-1

0.4.8.4-2

0.4.8.5-1

0.4.8.6-1

0.4.8.7-1

0.4.8.8-1

0.4.8.9-1~bpo11+1

0.4.8.9-1~bpo12+1

0.4.8.9-1

0.4.8.10-1~bpo11+1

0.4.8.10-1~bpo12+1

0.4.8.10-1

0.4.8.11-1~bpo11+1

0.4.8.11-1~bpo12+1

0.4.8.11-1

0.4.8.12-1~bpo11+1

0.4.8.12-1~bpo12+1

0.4.8.12-1

0.4.8.12-1.1

0.4.8.13-1

0.4.8.13-2~bpo12+1

0.4.8.13-2

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:13 / tor

Package

Name: tor
Purl: pkg:deb/debian/tor?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.4.7.13-1

0.4.7.16-1

0.4.8.4-2

0.4.8.5-1

0.4.8.6-1

0.4.8.7-1

0.4.8.8-1

0.4.8.9-1~bpo11+1

0.4.8.9-1~bpo12+1

0.4.8.9-1

0.4.8.10-1~bpo11+1

0.4.8.10-1~bpo12+1

0.4.8.10-1

0.4.8.11-1~bpo11+1

0.4.8.11-1~bpo12+1

0.4.8.11-1

0.4.8.12-1~bpo11+1

0.4.8.12-1~bpo12+1

0.4.8.12-1

0.4.8.12-1.1

0.4.8.13-1

0.4.8.13-2~bpo12+1

0.4.8.13-2

Ecosystem specific

{
    "urgency": "unimportant"
}