CVE Daily

CVE-2008-5398

Tor before 0.2.0.32 does not properly process the ClientDNSRejectInternalAddress...

Critical CVSS 9.3

Overview

Tor before 0.2.0.32 does not properly process the ClientDNSRejectInternalAddresses configuration option in situations where an exit relay issues a policy-based refusal of a stream, which allows remote exit relays to have an unknown impact by mapping an internal IP address to the destination hostname of a refused stream.

CWE: CWE-264 Published: 2008-12-09T00:30:00.597
Risk analysis

This vulnerability is rated 🔴 CRITICAL.

  • CVSS: 9.3 (CRITICAL)
  • Detected tags: none (tag impact: LOW)

Recommended actions:

  • Prioritize remediation based on business criticality and exposure.
  • Limit exposure and increase monitoring until fixed.

Recommended tools

Tags