CVE-2021-38385

Name: CVE-2021-38385

Description: Tor before 0.3.5.16, 0.4.5.10, and 0.4.6.7 mishandles the relationship between batch-signature verification and single-signature verification, leading to a remote assertion failure, aka TROVE-2021-007.

NVD Severity: medium

References

| Type | URI |
| --- | --- |
| CONFIRM | https://blog.torproject.org/node/2062 |
| MISC | https://blog.torproject.org |
| CONFIRM | https://bugs.torproject.org/tpo/core/tor/40078 |

Match rules

| CPE URI | Source package | Min version | Max version |
| --- | --- | --- | --- |
| `cpe:2.3:a:torproject:tor:*:*:*:*:*:*:*:*` | tor | >= None | < 0.3.5.16 |
| `cpe:2.3:a:torproject:tor:*:*:*:*:*:*:*:*` | tor | >= 0.4.0.0 | < 0.4.5.10 |
| `cpe:2.3:a:torproject:tor:*:*:*:*:*:*:*:*` | tor | >= 0.4.6.0 | < 0.4.6.7 |

Vulnerable and fixed packages

| Source package | Branch | Version | Maintainer | Status |
| --- | --- | --- | --- | --- |
| tor | 3.14-community | 0.4.5.10-r0 | omni <omni+alpine@hack.org> | fixed |