Tor 0.3.x before 0.3.0.9 has a guard-selection algorithm that only considers the exit relay (not the exit relay's family), which might allow remote attackers to defeat intended anonymity properties by leveraging the existence of large families.
{ "vanir_signatures": [ { "digest": { "line_hashes": [ "44309939316981180280873473147461909284", "245585645262755064580175351139636454420", "276420338012471800371136648215023479706", "242564737634043682203735875492122356622" ], "threshold": 0.9 }, "source": "https://github.com/torproject/tor/commit/665baf5ed5c6186d973c46cdea165c0548027350", "signature_version": "v1", "id": "CVE-2017-0377-3ba73f86", "target": { "file": "src/or/nodelist.c" }, "signature_type": "Line", "deprecated": false }, { "digest": { "line_hashes": [ "130947375133832080065014793414556873519", "120268657075388148935762763694518608359", "2857889528935089052107406791916063482", "260857398991327691730483878311310381440", "172175267509838166657832256561720017092", "33865109398391995941849264184178983308" ], "threshold": 0.9 }, "source": "https://github.com/torproject/tor/commit/665baf5ed5c6186d973c46cdea165c0548027350", "signature_version": "v1", "id": "CVE-2017-0377-814b7942", "target": { "file": "src/or/entrynodes.c" }, "signature_type": "Line", "deprecated": false }, { "digest": { "length": 193.0, "function_hash": "4770935110876737590891931296231995318" }, "source": "https://github.com/torproject/tor/commit/665baf5ed5c6186d973c46cdea165c0548027350", "signature_version": "v1", "id": "CVE-2017-0377-a8e4b5b9", "target": { "function": "entry_guard_obeys_restriction", "file": "src/or/entrynodes.c" }, "signature_type": "Function", "deprecated": false }, { "digest": { "length": 139.0, "function_hash": "251812826122832502133715654618947189496" }, "source": "https://github.com/torproject/tor/commit/665baf5ed5c6186d973c46cdea165c0548027350", "signature_version": "v1", "id": "CVE-2017-0377-b33a84f1", "target": { "function": "addrs_in_same_network_family", "file": "src/or/nodelist.c" }, "signature_type": "Function", "deprecated": false }, { "digest": { "line_hashes": [ "144861746393319512936649912835876713466", "237643910232194103654179137966429429850", "51470496634927409790148542464069951910", "274032112497314191036839052981469061771" ], "threshold": 0.9 }, "source": "https://github.com/torproject/tor/commit/665baf5ed5c6186d973c46cdea165c0548027350", "signature_version": "v1", "id": "CVE-2017-0377-e6fb9c72", "target": { "file": "src/or/nodelist.h" }, "signature_type": "Line", "deprecated": false } ] }