CVE-2017-0377

7.5 HIGH

Published: July 02, 2017 Modified: May 13, 2026

Description

Tor 0.3.x before 0.3.0.9 has a guard-selection algorithm that only considers the exit relay (not the exit relay's family), which might allow remote attackers to defeat intended anonymity properties by leveraging the existence of large families.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

CVSS v3.x Details

0.0 Low Medium High Critical 10.0

Vector String

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

https://blog.torproject.org/blog/tor-0309-released-security-update-clients

Source: security@debian.org

Release Notes Vendor Advisory

https://blog.torproject.org/blog/tor-0314-alpha-released-security-update-clients

Source: security@debian.org

Release Notes Vendor Advisory

https://github.com/torproject/tor/commit/665baf5ed5c6186d973c46cdea165c0548027350

Source: security@debian.org

Patch Third Party Advisory

https://security-tracker.debian.org/CVE-2017-0377

Source: security@debian.org

Third Party Advisory

https://trac.torproject.org/projects/tor/ticket/22753

Source: security@debian.org

Issue Tracking Vendor Advisory

https://blog.torproject.org/blog/tor-0309-released-security-update-clients