FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-28 15:43:32 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
847f16e5-9406-11ed-a925-3065ec8fd3ecsecurity/tor -- SOCKS4(a) inversion bug

The Tor Project reports:

TROVE-2022-002: The SafeSocks option for SOCKS4(a) is inverted leading to SOCKS4 going through

This is a report from hackerone:

We have classified this as medium considering that tor was not defending in-depth for dangerous SOCKS request and so any user relying on SafeSocks 1 to make sure they don't link DNS leak and their Tor traffic wasn't safe afterall for SOCKS4(a). Tor Browser doesn't use SafeSocks 1 and SOCKS4 so at least the likely vast majority of users are not affected.


Discovery 2023-01-12
Entry 2023-01-14
tor
< 0.4.7.13

https://hackerone.com/bugs?subject=torproject&report_id=1784589
https://gitlab.torproject.org/tpo/core/tor/-/issues/40730