Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-46702

Tor Browser 9.0.7 on Windows 10 build 10586 is vulnerable to information disclosure. This could allow local attackers to bypass the intended anonymity feature and obtain information regarding the onion services visited by a local user. This can be accomplished by analyzing RAM memory even several hours after the local user used the product. This occurs because the product doesn't properly free memory.

Published

2022-02-26T03:15:07.407

Last Modified

2024-11-21T06:34:35.990

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.5 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:P/I:N/A:N

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

3.9

Impact Score

2.9

Weaknesses

Type: Primary
CWE-404

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	torproject	tor	9.0.7	Yes
Operating System	microsoft	windows	-	No

References

https://www.sciencedirect.com/science/article/pii/S0167404821001358 Technical Description, Third Party Advisory ([email protected])
https://www.sciencedirect.com/science/article/pii/S0167404821001358 Technical Description, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)