VDB
CVE-2008-5398
CVE-2008-5398
PUBLISHED
CVSS 9.300000190734863 CRITICAL
Tor before 0.2.0.32 does not properly process the ClientDNSRejectInternalAddresses configuration option in situations where an exit relay issues a policy-based refusal of a stream, which allows remote exit relays to have an unknown impact by mapping an internal IP address to the destination hostname of a refused stream.
EPSS 0.84% · 75.1th percentile
Risk Scores
CVSS 2.0
9.300000190734863
EPSS Score
0.84%
75.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| tor | tor | 0.1.1.26, *, 0 |
| n/a | n/a | * |
Timeline
- Dec 9, 2008 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
- Sep 8, 2023 EPSS Score
References
- tor-clientdnsreject-security-bypass(47102) vdb
- 34583 third-party-advisory
- 32648 vdb
- 33025 third-party-advisory
- ADV-2008-3366 vdb
- http://blog.torproject.org/blog/tor-0.2.0.32-released url
- GLSA-200904-11 vendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2008-5398 advisory