VDB
CVE-2009-2426
CVE-2009-2426
PUBLISHED
CVSS 5 MEDIUM
The connection_edge_process_relay_cell_not_open function in src/or/relay.c in Tor 0.2.x before 0.2.0.35 and 0.1.x before 0.1.2.8-beta allows exit relays to have an unspecified impact by causing controllers to accept DNS responses that redirect to an internal IP address via unknown vectors. NOTE: some of these details are obtained from third party information.
EPSS 0.70% · 72.3th percentile
Risk Scores
CVSS 2.0
5
EPSS Score
0.70%
72.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| tor | tor | 0.1.0.1, 0.1.0.2, 0.1.0.5 |
Timeline
- Jul 10, 2009 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- May 25, 2023 EPSS Score
References
- 35546 third-party-advisory
- [or-announce] 20090625 Tor 0.2.0.35 is released mailing-list
- tor-connectionedge-spoofing(51377) vdb
- ADV-2009-1716 vdb
- 35505 vdb
- 55341 vdb
- https://nvd.nist.gov/vuln/detail/CVE-2009-2426 advisory