FreeBSD: VID-847f16e5-9406-11ed-a925-3065ec8fd3ec: security/tor -- SOCKS4(a) inversion bug

Severity: 9
CVSS: (AV:N/AC:L/Au:N/C:C/I:N/A:C)
Published: Jan 14, 2023
Added: Jan 15, 2023
Modified: Dec 10, 2025

Description

The Tor Project reports:

TROVE-2022-002: The SafeSocks option for SOCKS4(a) is inverted, leading to SOCKS4 going through.

This is a report from hackerone: We have classified this as medium considering that tor was not defending in-depth for dangerous SOCKS requests and so any user relying on SafeSocks 1 to make sure they don't link DNS leak and their Tor traffic wasn't safe after all for SOCKS4(a). Tor Browser doesn't use SafeSocks 1 and SOCKS4 so at least the likely vast majority of users are not affected.

Solution

freebsd-upgrade-package-tor
