Vulnerabilities > CVE-2021-38385 - Reachable Assertion vulnerability in Torproject TOR

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
network
low complexity
torproject
CWE-617

Summary

Tor before 0.3.5.16, 0.4.5.10, and 0.4.6.7 mishandles the relationship between batch-signature verification and single-signature verification, leading to a remote assertion failure, aka TROVE-2021-007.

Vulnerable Configurations

Part Description Count
Application
Torproject
495

Common Weakness Enumeration (CWE)