VIR Vulnerability Intelligence Relay

CVE-2014-5117

medium
Published 2014-07-30 ยท Modified 2026-05-06
๐Ÿ’ฌ Discuss on Community โœš Propose mitigation
CVSS v3
โ€”
CVSS v4 NEW
โ€”
not yet in upstream
VIR risk
5.8

Description

Tor before 0.2.4.23 and 0.2.5 before 0.2.5.6-alpha maintains a circuit after an inbound RELAY_EARLY cell is received by a client, which makes it easier for remote attackers to conduct traffic-confirmation attacks by using the pattern of RELAY and RELAY_EARLY cells as a means of communicating information about hidden service names.

Predictions

Exploit likelihood
20%
Patch ETA
โ€”

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No mitigations published for this CVE yet.

The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ€” if you've already worked around this in production โ€” publish your fix to the community-verified tier.

โœš Propose a mitigation on Community โ†’ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here with source_tier=community-verified.

OS impact
OSVersionStatusFixed in
debian debianbookwormfixed0.2.4.23-1
debian debianbullseyefixed0.2.4.23-1
debian debianforkyfixed0.2.4.23-1
debian debiansidfixed0.2.4.23-1
debian debiantrixiefixed0.2.4.23-1

Application impact
VendorProductVersionsFixed
torprojecttor{"endIncluding":"0.2.4.22"}
torprojecttor0.0.2
torprojecttor0.0.3
torprojecttor0.0.4
torprojecttor0.0.5
torprojecttor0.0.6
torprojecttor0.0.6.1
torprojecttor0.0.6.2
torprojecttor0.0.7
torprojecttor0.0.7.1
torprojecttor0.0.7.2
torprojecttor0.0.7.3
torprojecttor0.0.8.1
torprojecttor0.0.9.1
torprojecttor0.0.9.2
torprojecttor0.0.9.3
torprojecttor0.0.9.4
torprojecttor0.0.9.5
torprojecttor0.0.9.6
torprojecttor0.0.9.7
torprojecttor0.0.9.8
torprojecttor0.0.9.9
torprojecttor0.0.9.10
torprojecttor0.1.0.10
torprojecttor0.1.0.11
torprojecttor0.1.0.12
torprojecttor0.1.0.13
torprojecttor0.1.0.14
torprojecttor0.1.0.15
torprojecttor0.1.0.16
torprojecttor0.1.0.17
torprojecttor0.1.1.20
torprojecttor0.1.1.21
torprojecttor0.1.1.22
torprojecttor0.1.1.23
torprojecttor0.1.1.24
torprojecttor0.1.1.25
torprojecttor0.1.1.26
torprojecttor0.1.2.13
torprojecttor0.1.2.14
torprojecttor0.1.2.15
torprojecttor0.1.2.16
torprojecttor0.1.2.17
torprojecttor0.1.2.18
torprojecttor0.1.2.19
torprojecttor0.2.0.30
torprojecttor0.2.0.31
torprojecttor0.2.0.32
torprojecttor0.2.0.33
torprojecttor0.2.0.34
torprojecttor0.2.0.35
torprojecttor0.2.2.18
torprojecttor0.2.2.19
torprojecttor0.2.2.20
torprojecttor0.2.2.21
torprojecttor0.2.2.22
torprojecttor0.2.2.23
torprojecttor0.2.2.24
torprojecttor0.2.2.25
torprojecttor0.2.2.26
torprojecttor0.2.2.27
torprojecttor0.2.2.28
torprojecttor0.2.2.29
torprojecttor0.2.2.30
torprojecttor0.2.2.31
torprojecttor0.2.2.32
torprojecttor0.2.2.33
torprojecttor0.2.2.34
torprojecttor0.2.2.35
torprojecttor0.2.2.36
torprojecttor0.2.2.37
torprojecttor0.2.2.38
torprojecttor0.2.3
torprojecttor0.2.3.13
torprojecttor0.2.3.14
torprojecttor0.2.3.15
torprojecttor0.2.3.16
torprojecttor0.2.3.17
torprojecttor0.2.3.18
torprojecttor0.2.3.19
torprojecttor0.2.3.20
torprojecttor0.2.3.21
torprojecttor0.2.3.22
torprojecttor0.2.3.23
torprojecttor0.2.3.24
torprojecttor0.2.4.1
torprojecttor0.2.4.2
torprojecttor0.2.4.3
torprojecttor0.2.4.4
torprojecttor0.2.4.5
torprojecttor0.2.4.6
torprojecttor0.2.4.7
torprojecttor0.2.4.8
torprojecttor0.2.4.9
torprojecttor0.2.4.10
torprojecttor0.2.4.11
torprojecttor0.2.4.12
torprojecttor0.2.4.13
torprojecttor0.2.4.14
torprojecttor0.2.4.15
torprojecttor0.2.4.16
torprojecttor0.2.4.17
torprojecttor0.2.4.18
torprojecttor0.2.4.19
torprojecttor0.2.4.20
torprojecttor0.2.5.2
torprojecttor0.2.5.3
torprojecttor0.2.5.4
torprojecttor0.2.5.5

References

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.