First published: Sun Feb 02 2020
** DISPUTED ** The daemon in Tor through 0.4.1.8 and 0.4.2.x through 0.4.2.6 does not verify that a rendezvous node is known before attempting to connect to it, which might make it easier for remote attackers to discover circuit information. NOTE: The network team of Tor claims this is an intended behavior and not a vulnerability.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Torproject Tor | <=0.4.1.8 | |
Torproject Tor | >=0.4.2.0, <=0.4.2.6 | |
debian/tor | <=0.4.5.16-1, <=0.4.7.16-1, <=0.4.8.12-1.1 | |
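CVE-2020-8516 is a disputed issue in the Tor daemon: it does not verify that a rendezvous node is known before attempting to connect to it, which might make it easier for remote attackers to discover circuit information.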
The severity of CVE-2020-8516 is medium with a CVSS score of 5.3.
CVE-2020-8516 affects Tor versions through 0.4.1.8 and 0.4.2.x through 0.4.2.6.
There is currently no remedy available for CVE-2020-8516. It is advised to update to a patched version when it becomes available.
You can find more information about CVE-2020-8516 at the following references: [Link 1](https://lists.torproject.org/pipermail/tor-dev/2020-February/014146.html), [Link 2](https://lists.torproject.org/pipermail/tor-dev/2020-February/014147.html), [Link 3](https://security-tracker.debian.org/tracker/CVE-2020-8516).