CVE-2021-38385

Name
CVE-2021-38385
Description
Tor before 0.3.5.16, 0.4.5.10, and 0.4.6.7 mishandles the relationship between batch-signature verification and single-signature verification, leading to a remote assertion failure, aka TROVE-2021-007.
NVD Severity
medium
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
CONFIRM https://blog.torproject.org/node/2062
MISC https://blog.torproject.org
CONFIRM https://bugs.torproject.org/tpo/core/tor/40078

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:torproject:tor:*:*:*:*:*:*:*:* tor >= None < 0.3.5.16
cpe:2.3:a:torproject:tor:*:*:*:*:*:*:*:* tor >= 0.4.0.0 < 0.4.5.10
cpe:2.3:a:torproject:tor:*:*:*:*:*:*:*:* tor >= 0.4.6.0 < 0.4.6.7

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
tor edge-community 0.4.6.7-r0 omni <omni+alpine@hack.org> fixed
tor edge-community 0.4.6.5-r0 omni <omni+alpine@hack.org> possibly vulnerable
tor edge-community 0.4.5.7-r0 omni <omni+alpine@hack.org> possibly vulnerable
tor edge-community 0.4.2.7-r0 None possibly vulnerable
tor edge-community 0.3.5.8-r0 None possibly vulnerable
tor edge-community 0.3.2.10-r0 None possibly vulnerable
tor edge-community 0.3.0.8-r0 None possibly vulnerable
tor 3.22-community 0.4.6.7-r0 None fixed
tor 3.22-community 0.4.6.5-r0 None possibly vulnerable
tor 3.22-community 0.4.5.7-r0 None possibly vulnerable
tor 3.22-community 0.4.2.7-r0 None possibly vulnerable
tor 3.22-community 0.3.5.8-r0 None possibly vulnerable
tor 3.22-community 0.3.2.10-r0 None possibly vulnerable
tor 3.22-community 0.3.0.8-r0 None possibly vulnerable
tor 3.21-community 0.4.6.7-r0 None fixed
tor 3.20-community 0.4.6.7-r0 None fixed
tor 3.19-community 0.4.6.7-r0 None fixed
tor 3.18-community 0.4.6.7-r0 None fixed
tor 3.17-community 0.4.6.7-r0 None fixed