Vulnerability Details : CVE-2021-46702
Potential exploit
Tor Browser 9.0.7 on Windows 10 build 10586 is vulnerable to information disclosure. This could allow local attackers to bypass the intended anonymity feature and obtain information regarding the onion services visited by a local user. This can be accomplished by analyzing RAM memory even several hours after the local user used the product. This occurs because the product doesn't properly free memory.
Vulnerability category: Information leak
Products affected by CVE-2021-46702
- cpe:2.3:a:torproject:tor:9.0.7:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-46702
0.13%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 29 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-46702
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
2.1
|
LOW | AV:L/AC:L/Au:N/C:P/I:N/A:N |
3.9
|
2.9
|
NIST | |
|
5.5
|
MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
1.8
|
3.6
|
NIST |
CWE ids for CVE-2021-46702
-
The product does not release or incorrectly releases a resource before it is made available for re-use.Assigned by: nvd@nist.gov (Primary)
References for CVE-2021-46702
-
https://www.sciencedirect.com/science/article/pii/S0167404821001358
Tor forensics: Proposed workflow for client memory artefacts - ScienceDirectTechnical Description;Third Party Advisory
Jump to