FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-29 07:54:42 UTC

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID | Description
847f16e5-9406-11ed-a925-3065ec8fd3ec | security/tor -- SOCKS4(a) inversion bug

The Tor Project reports:

TROVE-2022-002: The SafeSocks option for SOCKS4(a) is inverted leading to SOCKS4 going through

This is a report from hackerone:

We have classified this as medium considering that tor was not defending in-depth for dangerous SOCKS request and so any user relying on SafeSocks 1 to make sure they don't link DNS leak and their Tor traffic wasn't safe after all for SOCKS4(a). Tor Browser doesn't use SafeSocks 1 and SOCKS4 so at least the likely vast majority of users are not affected.


Discovery 2023-01-12
Entry 2023-01-14
tor < 0.4.7.13

https://hackerone.com/bugs?subject=torproject&report_id=1784589
https://gitlab.torproject.org/tpo/core/tor/-/issues/40730

0b9f4b5e-5d82-11e7-85df-14dae9d5a9d2 | tor -- security regression

The Tor Project reports:

Tor 0.3.0.9 fixes a path selection bug that would allow a client to use a guard that was in the same network family as a chosen exit relay. This is a security regression; all clients running earlier versions of 0.3.0.x or 0.3.1.x should upgrade to 0.3.0.9 or 0.3.1.4-alpha.


Discovery 2017-06-29
Entry 2017-06-30
tor < 0.3.0.9
tor-devel < 0.3.1.4.a

https://blog.torproject.org/blog/tor-0309-released-security-update-clients
https://blog.torproject.org/blog/tor-0314-alpha-released-security-update-clients
https://lists.torproject.org/pipermail/tor-announce/2017-June/000133.html
CVE-2017-0377

5d1e4f6a-ee4f-11ec-86c2-485b3931c969 | Tor - Unspecified high severity vulnerability

Tor organization reports:

TROVE-2022-001


Discovery 2022-06-14
Entry 2022-06-17
tor < 0.4.7.8

https://gitlab.torproject.org/tpo/core/team/-/wikis/NetworkTeam/TROVE

c1dc55dc-9556-11e6-b154-3065ec8fd3ec | Tor -- remote denial of service

The Tor Blog reports:

Prevent a class of security bugs caused by treating the contents of a buffer chunk as if they were a NUL-terminated string. At least one such bug seems to be present in all currently used versions of Tor, and would allow an attacker to remotely crash most Tor instances, especially those compiled with extra compiler hardening. With this defense in place, such bugs can't crash Tor, though we should still fix them as they occur. Closes ticket 20384 (TROVE-2016-10-001).


Discovery 2016-10-17
Entry 2016-10-18
tor < 0.2.8.9
tor-devel < 0.2.9.4-alpha

https://blog.torproject.org/blog/tor-0289-released-important-fixes

36ef8753-d86f-11e7-ad28-0025908740c2 | tor -- Use-after-free in onion service v2

The Torproject.org reports:

  • TROVE-2017-009: Replay-cache ineffective for v2 onion services
  • TROVE-2017-010: Remote DoS attack against directory authorities
  • TROVE-2017-011: An attacker can make Tor ask for a password
  • TROVE-2017-012: Relays can pick themselves in a circuit path
  • TROVE-2017-013: Use-after-free in onion service v2

Discovery 2017-12-01
Entry 2017-12-14
tor < 0.3.1.9

https://blog.torproject.org/new-stable-tor-releases-security-fixes-0319-03013-02914-02817-02516
CVE-2017-8819