FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-22 18:21:47 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
5d1e4f6a-ee4f-11ec-86c2-485b3931c969Tor - Unspecified high severity vulnerability

Tor organization reports:

TROVE-2022-001


Discovery 2022-06-14
Entry 2022-06-17
tor
< 0.4.7.8

https://gitlab.torproject.org/tpo/core/team/-/wikis/NetworkTeam/TROVE
847f16e5-9406-11ed-a925-3065ec8fd3ecsecurity/tor -- SOCKS4(a) inversion bug

The Tor Project reports:

TROVE-2022-002: The SafeSocks option for SOCKS4(a) is inverted leading to SOCKS4 going through

This is a report from hackerone:

We have classified this as medium considering that tor was not defending in-depth for dangerous SOCKS request and so any user relying on SafeSocks 1 to make sure they don't link DNS leak and their Tor traffic wasn't safe afterall for SOCKS4(a). Tor Browser doesn't use SafeSocks 1 and SOCKS4 so at least the likely vast majority of users are not affected.


Discovery 2023-01-12
Entry 2023-01-14
tor
< 0.4.7.13

https://hackerone.com/bugs?subject=torproject&report_id=1784589
https://gitlab.torproject.org/tpo/core/tor/-/issues/40730