CVE-2021-46702
Last modified
CVE-2021-46702 is a medium-severity vulnerability rated 5.5/10 on the CVSS scale. Tor Browser 9.0.7 on Windows 10 build 10586 is vulnerable to information disclosure. This could allow local attackers to bypass the intended anonymity feature and obtain information regarding the onion services visited by a local user. EPSS estimates a 0.39% chance of exploitation in the next 30 days.
Description
Tor Browser 9.0.7 on Windows 10 build 10586 is vulnerable to information disclosure. This could allow local attackers to bypass the intended anonymity feature and obtain information regarding the onion services visited by a local user. This can be accomplished by analyzing RAM memory even several hours after the local user used the product. This occurs because the product doesn't properly free memory.
Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Torproject | Tor | 9.0.7 |
References
- https://www.sciencedirect.com/science/article/pii/S0167404821001358Technical Description, Third Party Advisory
- https://www.sciencedirect.com/science/article/pii/S0167404821001358Technical Description, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2021-46702?
How severe is CVE-2021-46702?
How do I fix CVE-2021-46702?
Are you affected by CVE-2021-46702?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST