CWE: 532

CVE-2021-39246

First published: Fri Sep 24 2021

Tor Browser through 10.5.6 and 11.x through 11.0a4 allows a correlation attack that can compromise the privacy of visits to v2 onion addresses. Exact timestamps of these onion-service visits are logged locally, and an attacker might be able to compare them to timestamp data collected by the destination server (or collected by a rogue site within the Tor network).

Credit: cve@mitre.org

Affected Software          Affected Version    How to fix
Torproject Tor Browser     <=10.5.6
Torproject Tor Browser     =11.0-alpha2
Torproject Tor Browser     =11.0-alpha4
Apple macOS
Linux Linux kernel
Microsoft Windows


Frequently Asked Questions

  • What is CVE-2021-39246?

    CVE-2021-39246 is a vulnerability in Tor Browser through 10.5.6 and 11.x through 11.0a4 that allows a correlation attack that can compromise the privacy of visits to v2 onion addresses.

  • How does CVE-2021-39246 affect Tor Browser?

    CVE-2021-39246 affects Tor Browser through 10.5.6 and 11.x through 11.0a4. Exact timestamps of visits to v2 onion addresses are logged locally, which enables a correlation attack that can compromise the privacy of those visits.

  • What is the severity of CVE-2021-39246?

    The severity of CVE-2021-39246 is medium with a CVSS score of 6.1.

  • How can CVE-2021-39246 be exploited?

    CVE-2021-39246 can be exploited by an attacker comparing exact timestamps of locally logged onion-service visits to timestamp data collected by the destination.

  • Is Apple macOS or the Linux kernel affected by CVE-2021-39246?

    No, Apple macOS and the Linux kernel are not affected by CVE-2021-39246.
