vulnerability
Ubuntu: (CVE-2017-8822): tor vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:M/Au:N/C:P/I:N/A:N) | Dec 3, 2017 | Nov 19, 2024 | Apr 16, 2026 |
Severity
4
CVSS
(AV:N/AC:M/Au:N/C:P/I:N/A:N)
Published
Dec 3, 2017
Added
Nov 19, 2024
Modified
Apr 16, 2026
Description
In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, relays (that have incompletely downloaded descriptors) can pick themselves in a circuit path, leading to a degradation of anonymity, aka TROVE-2017-012.
Solution
ubuntu-upgrade-tor
References
- CVE-2017-8822
- https://attackerkb.com/topics/CVE-2017-8822
- DEBIAN-DSA-4054
- EUVD-EUVD-2017-17765
- https://blog.torproject.org/new-stable-tor-releases-security-fixes-0319-03013-02914-02817-02516
- https://bugs.torproject.org/21534
- https://euvd.enisa.europa.eu/vulnerability/EUVD-2017-17765
- https://www.cve.org/CVERecord?id=CVE-2017-8822
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.