Tor before 0.2.0.32 does not properly process the ClientDNSRejectInternalAddresses configuration option in situations where an exit relay issues a policy-based refusal of a stream, which allows remote exit relays to have an unknown impact by mapping an internal IP address to the destination hostname of a refused stream.
Max CVSS
9.3
EPSS Score
0.65%
Published
2008-12-09
Updated
2017-08-08
Tor before 0.2.0.32 does not properly process the (1) User and (2) Group configuration options, which might allow local users to gain privileges by leveraging unintended supplementary group memberships of the Tor process.
Max CVSS
7.2
EPSS Score
0.04%
Published
2008-12-09
Updated
2017-08-08
2 vulnerabilities found