CyberSec.Space Logo
Back to CVE Browser

CVE-2009-0939

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1450%
EPSS Percentile24.07th
PublishedMar 18, 2009
Last ModifiedApr 23, 2026

Vulnerability Description

Tor before 0.2.0.34 treats incomplete IPv4 addresses as valid, which has unknown impact and attack vectors related to "Spec conformance," as demonstrated using 192.168.0.

Affected Platforms (CPE)

πŸ“¦
Tor

Tor

<= 0.2.0.33
πŸ“¦
Tor

Tor

= 0.2.0.1
πŸ“¦
Tor

Tor

= 0.2.0.2
πŸ“¦
Tor

Tor

= 0.2.0.3
πŸ“¦
Tor

Tor

= 0.2.0.4
πŸ“¦
Tor

Tor

= 0.2.0.5
πŸ“¦
Tor

Tor

= 0.2.0.6
πŸ“¦
Tor

Tor

= 0.2.0.10
πŸ“¦
Tor

Tor

= 0.2.0.11
πŸ“¦
Tor

Tor

= 0.2.0.12
πŸ“¦
Tor

Tor

= 0.2.0.13
πŸ“¦
Tor

Tor

= 0.2.0.14
πŸ“¦
Tor

Tor

= 0.2.0.15
πŸ“¦
Tor

Tor

= 0.2.0.16
πŸ“¦
Tor

Tor

= 0.2.0.17
πŸ“¦
Tor

Tor

= 0.2.0.18
πŸ“¦
Tor

Tor

= 0.2.0.19
πŸ“¦
Tor

Tor

= 0.2.0.20
πŸ“¦
Tor

Tor

= 0.2.0.21
πŸ“¦
Tor

Tor

= 0.2.0.22
πŸ“¦
Tor

Tor

= 0.2.0.23
πŸ“¦
Tor

Tor

= 0.2.0.24
πŸ“¦
Tor

Tor

= 0.2.0.25
πŸ“¦
Tor

Tor

= 0.2.0.26
πŸ“¦
Tor

Tor

= 0.2.0.27
πŸ“¦
Tor

Tor

= 0.2.0.28
πŸ“¦
Tor

Tor

= 0.2.0.29
πŸ“¦
Tor

Tor

= 0.2.0.30
πŸ“¦
Tor

Tor

= 0.2.0.31
πŸ“¦
Tor

Tor

= 0.2.0.32

References & Advisories

πŸ”— http://archives.seul.org/or/announce/Feb-2009/msg00000.html
πŸ”— http://secunia.com/advisories/33880
πŸ”— http://secunia.com/advisories/34583
πŸ”— http://security.gentoo.org/glsa/glsa-200904-11.xml
πŸ”— http://www.securityfocus.com/bid/33713
πŸ”— http://archives.seul.org/or/announce/Feb-2009/msg00000.html
πŸ”— http://secunia.com/advisories/33880
πŸ”— http://secunia.com/advisories/34583

Related Vulnerabilities

CVE-2010-167610.0

Heap-based buffer overflow in Tor before 0.2.1.28 and 0.2.2.x before 0.2.2.20-alpha allows remote attackers to cause a denial of s...

CVE-2009-041410.0

Unspecified vulnerability in Tor before 0.2.0.33 has unspecified impact and remote attack vectors that trigger heap corruption.

CVE-2018-169839.8

NoScript Classic before 5.1.8.7, as used in Tor Browser 7.x and other products, allows attackers to bypass script blocking via the...

CVE-2008-53989.3

Tor before 0.2.0.32 does not properly process the ClientDNSRejectInternalAddresses configuration option in situations where an exi...