First published: Sat Feb 26 2022(Updated: )
Tor Browser 9.0.7 on Windows 10 build 10586 is vulnerable to information disclosure. This could allow local attackers to bypass the intended anonymity feature and obtain information regarding the onion services visited by a local user. This can be accomplished by analyzing RAM memory even several hours after the local user used the product. This occurs because the product doesn't properly free memory.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Torproject Tor | =9.0.7 | |
Microsoft Windows |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2021-46702 is a vulnerability in Tor Browser 9.0.7 on Windows 10 build 10586 that allows local attackers to bypass anonymity and obtain information about visited onion services.
CVE-2021-46702 has a severity score of 5.5, which is considered medium.
Tor Browser 9.0.7 on Windows 10 build 10586 is affected by CVE-2021-46702.
An attacker can exploit CVE-2021-46702 by analyzing RAM memory on the target machine to obtain information about visited onion services.
No, only Tor Browser 9.0.7 on Windows 10 build 10586 is affected by CVE-2021-46702.