CVE-2007-3165 Affecting tor package, versions <0.1.2.14-1
Threat Intelligence
EPSS
0.45% (76th
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-DEBIAN10-TOR-370889
- published 11 Jun 2007
- disclosed 11 Jun 2007
Introduced: 11 Jun 2007
CVE-2007-3165 Open this link in a new tabHow to fix?
Upgrade Debian:10 tor to version 0.1.2.14-1 or higher.
NVD Description
Note: Versions mentioned in the description apply only to the upstream tor package and not the tor package as distributed by Debian.
See How to fix? for Debian:10 relevant fixed versions and status.
Tor before 0.1.2.14 can construct circuits in which an entry guard is in the same family as the exit node, which might compromise the anonymity of traffic sources and destinations by exposing traffic to inappropriate remote observers.
CVSS Scores
version 3.1