CVE-2021-34548
First published: Tue Jun 29 2021(Updated: )
An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-003. An attacker can forge RELAY_END or RELAY_RESOLVED to bypass the intended access control for ending a stream.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Torproject Tor | <0.3.5.15 | |
| Torproject Tor | >=0.4.0.0<0.4.4.9 | |
| Torproject Tor | >=0.4.5.0<0.4.5.9 | |
| Torproject Tor | >=0.4.6.0<0.4.6.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2021-34548.
What is the severity of CVE-2021-34548?
The severity of CVE-2021-34548 is high with a severity value of 7.5.
How does CVE-2021-34548 affect Tor?
CVE-2021-34548 affects Tor versions up to 0.4.6.5, allowing an attacker to bypass access control for ending a stream by forging RELAY_END or RELAY_RESOLVED messages.
How can I fix CVE-2021-34548?
To fix CVE-2021-34548, users should upgrade to Tor version 0.4.6.5 or later.
Where can I find more information about CVE-2021-34548?
More information about CVE-2021-34548 can be found at the following references: [1] [2] [3].
- collector/nvd-api
- collector/nvd-index
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/event
- agent/type
- agent/description
- agent/last-modified-date
- agent/first-publish-date
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/torproject
- canonical/torproject tor
- version/torproject tor/0.4.0.0
- version/torproject tor/0.4.5.0
- version/torproject tor/0.4.6.0