What is the severity of CVE-2013-7295?

CVE-2013-7295 has been classified as a moderate severity vulnerability due to its impact on cryptographic key generation.

How do I fix CVE-2013-7295?

To fix CVE-2013-7295, upgrade to Tor version 0.2.4.20 or later.

Which versions of Tor are affected by CVE-2013-7295?

CVE-2013-7295 affects all Tor versions prior to 0.2.4.20, including numerous alpha and release candidate versions.

What platforms are impacted by CVE-2013-7295?

CVE-2013-7295 specifically affects Intel Sandy Bridge and Ivy Bridge platforms when using certain OpenSSL configurations.

What types of keys are vulnerable in CVE-2013-7295?

CVE-2013-7295 affects the generation of relay identity keys and hidden-service identity keys.

Vulnerability/
CVE-2013-7295

medium

CWE

310

17/1/2014

12/2/2014

CVE-2013-7295

First published: Fri Jan 17 2014(Updated: )

Tor before 0.2.4.20, when OpenSSL 1.x is used in conjunction with a certain HardwareAccel setting on Intel Sandy Bridge and Ivy Bridge platforms, does not properly generate random numbers for (1) relay identity keys and (2) hidden-service identity keys, which might make it easier for remote attackers to bypass cryptographic protection mechanisms via unspecified vectors.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Tor Project Tor	<=0.2.4.19
Tor Project Tor	=0.2.4.1-alpha
Tor Project Tor	=0.2.4.2-alpha
Tor Project Tor	=0.2.4.3-alpha
Tor Project Tor	=0.2.4.4-alpha
Tor Project Tor	=0.2.4.5-alpha
Tor Project Tor	=0.2.4.6-alpha
Tor Project Tor	=0.2.4.7-alpha
Tor Project Tor	=0.2.4.8-alpha
Tor Project Tor	=0.2.4.9-alpha
Tor Project Tor	=0.2.4.10-alpha
Tor Project Tor	=0.2.4.11-alpha
Tor Project Tor	=0.2.4.12-alpha
Tor Project Tor	=0.2.4.13-alpha
Tor Project Tor	=0.2.4.14-alpha
Tor Project Tor	=0.2.4.15-rc
Tor Project Tor	=0.2.4.16-rc
Tor Project Tor	=0.2.4.17-rc
Tor Project Tor	=0.2.4.18-rc

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2013-7295?
CVE-2013-7295 has been classified as a moderate severity vulnerability due to its impact on cryptographic key generation.
How do I fix CVE-2013-7295?
To fix CVE-2013-7295, upgrade to Tor version 0.2.4.20 or later.
Which versions of Tor are affected by CVE-2013-7295?
CVE-2013-7295 affects all Tor versions prior to 0.2.4.20, including numerous alpha and release candidate versions.
What platforms are impacted by CVE-2013-7295?
CVE-2013-7295 specifically affects Intel Sandy Bridge and Ivy Bridge platforms when using certain OpenSSL configurations.
What types of keys are vulnerable in CVE-2013-7295?
CVE-2013-7295 affects the generation of relay identity keys and hidden-service identity keys.

agent/references
agent/type
agent/last-modified-date
agent/first-publish-date
agent/weakness
agent/severity
agent/author
agent/tags
agent/softwarecombine
agent/description
agent/event
collector/nvd-index
agent/software-canonical-lookup-request
vendor/torproject
canonical/tor project tor
version/tor project tor/0.2.4.19
version/tor project tor/0.2.4.1-alpha
version/tor project tor/0.2.4.2-alpha
version/tor project tor/0.2.4.3-alpha
version/tor project tor/0.2.4.4-alpha
version/tor project tor/0.2.4.5-alpha
version/tor project tor/0.2.4.6-alpha
version/tor project tor/0.2.4.7-alpha
version/tor project tor/0.2.4.8-alpha
version/tor project tor/0.2.4.9-alpha
version/tor project tor/0.2.4.10-alpha
version/tor project tor/0.2.4.11-alpha
version/tor project tor/0.2.4.12-alpha
version/tor project tor/0.2.4.13-alpha
version/tor project tor/0.2.4.14-alpha
version/tor project tor/0.2.4.15-rc
version/tor project tor/0.2.4.16-rc
version/tor project tor/0.2.4.17-rc
version/tor project tor/0.2.4.18-rc