Tor before 0.2.4.20, when OpenSSL 1.x is used in conjunction with a certain HardwareAccel setting on Intel Sandy Bridge and Ivy Bridge platforms, does not properly generate random numbers for (1) relay identity keys and (2) hidden-service identity keys, which might make it easier for remote attackers to bypass cryptographic protection mechanisms via unspecified vectors.
2014-01-17T21:55:14.613
2025-04-11T00:51:21.963
Deferred
CVSSv2: 4.0 (MEDIUM)
AV:N/AC:H/Au:N/C:P/I:P/A:N
4.9
4.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | torproject | tor | ≤ 0.2.4.19 | Yes |
| Application | torproject | tor | 0.2.4.1 | Yes |
| Application | torproject | tor | 0.2.4.2 | Yes |
| Application | torproject | tor | 0.2.4.3 | Yes |
| Application | torproject | tor | 0.2.4.4 | Yes |
| Application | torproject | tor | 0.2.4.5 | Yes |
| Application | torproject | tor | 0.2.4.6 | Yes |
| Application | torproject | tor | 0.2.4.7 | Yes |
| Application | torproject | tor | 0.2.4.8 | Yes |
| Application | torproject | tor | 0.2.4.9 | Yes |
| Application | torproject | tor | 0.2.4.10 | Yes |
| Application | torproject | tor | 0.2.4.11 | Yes |
| Application | torproject | tor | 0.2.4.12 | Yes |
| Application | torproject | tor | 0.2.4.13 | Yes |
| Application | torproject | tor | 0.2.4.14 | Yes |
| Application | torproject | tor | 0.2.4.15 | Yes |
| Application | torproject | tor | 0.2.4.16 | Yes |
| Application | torproject | tor | 0.2.4.17 | Yes |
| Application | torproject | tor | 0.2.4.18 | Yes |