TROVE: Tor Registry Of Vulnerabilities and Exposures

This page is an experimental registry of Tor software security problems, as we find them. We assign each one a number based on the year, the month, and an index.

For more information on the security policy we're using here, see the network team Security Policy page.

For high-severity issues not already publicly disclosed or being exploited, we will fix them in all affected releases, all at once, as soon as we can. We will notify the world that such a bug exists in advance of the patch, and we will release the patch once we believe it works.

| TROVE ID | Ticket | Severity | Bug In | Fix In | Synopsis | CVE Id | extra |
|---|---|---|---|---|---|---|---|
| TROVE-2016-10-001 | #20384, #20894 | Medium | 0.2.4,28 | | buf_t buffer read beyond end | CVE-2016-8860 | Debian: tracker, DSA-3694, DLA-663-1 |
| TROVE-2016-12-002 | #21018 | Medium | | | parse HS descs one byte past end | CVE-2016-1254 | Debian: tracker, DSA-3741, DLA-754-1 |
| TROVE-2017-001 | #21278 | Medium | 0.0.8pre1 | | Signed integer overflow when comparing versions | | |
| TROVE-2017-002 | #22253, #22246 | Medium | | | Remotely triggerable assertion failure in relays | | |
| TROVE-2017-003 | #22268 | Low | | | Impersonation of a single or a few fallback directory mirrors | | initial post |
| TROVE-2017-004 | #22493 | High | | | Remote assertion failure against hidden services | CVE-2017-0375 | Debian: tracker |
| TROVE-2017-005 | #22494 | High | | | Remote assertion failure against hidden services | CVE-2017-0376 | Debian: tracker, #864424, DSA-3877, DLA-982-1 |
| TROVE-2017-006 | #22753 | Medium | | | Path selection issue | CVE-2017-0377 | Debian: tracker |
| TROVE-2017-007 | #22789 | Medium | | | Remote assertion failure on OpenBSD | | |
| TROVE-2017-008 | #23490 | Medium | | | Stack disclosure in hidden services logs when SafeLogging disabled | CVE-2017-0380 | Debian: tracker, #876221 |
| TROVE-2017-009 | #24244 | Medium | 0.2.4 and later | | Replay-cache ineffective for v2 onion services | CVE-2017-8819 | Debian: tracker, DSA-4054 |
| TROVE-2017-010 | #24245 | Medium | 0.2.9 and later | | Remote DoS attack against directory authorities | CVE-2017-8820 | Debian: tracker, DSA-4054 |
| TROVE-2017-011 | #24246 | High | all Tor versions | | An attacker can make Tor ask for a password | CVE-2017-8821 | Debian: tracker, DSA-4054 |
| TROVE-2017-012 | #24333 | Medium | 0.2.5 and later | | Relays can pick themselves in a circuit path | CVE-2017-8822 | Debian: tracker, DSA-4054 |
| TROVE-2017-013 | #24430 | High | 0.2.7 and later | | Use-after-free in onion service v2 | CVE-2017-8823 | Debian: tracker, DSA-4054 |
| TROVE-2018-001 | #25074 | Medium | | | Remote assertion failure in directory authority protocol handling | CVE-2018-0490 | |
| TROVE-2018-002 | #25117 | Medium | | | Use-after-free in KIST scheduler | CVE-2018-0491 | |
| TROVE-2018-003 | #25250 | Low | | | Infinite loop in Rust protover code | n/a | n/a |
| TROVE-2018-004 | #25251 | Low | | | Crash on bad protocol information in consensus | n/a | n/a |
| TROVE-2018-005 | #25517 | Medium/Low | | | Memory exhaustion against directory authorities | n/a | n/a |
| TROVE-2018-006 | #28630 | n/a | | | n/a | n/a | false alarm |
| TROVE-2019-001 | #29168 | Medium | | | Remote memory exhaustion attack due to KIST ignoring outbuf highwater marks | CVE-2019-8955 | |
| TROVE-2020-001 | #33119 | Medium | | | | | |
| TROVE-2020-002 | #33120 | High | | | Remote CPU-based denial of service | CVE-2020-10592 | |
| TROVE-2020-003 | #33137 | Low | | | Local crash, requires authenticated access to control port | n/a | |
| TROVE-2020-004 | #33619 | Medium | | | Remotely triggered memory leak | CVE-2020-10593 | |

Remember: please get CVE-Ids for everything of severity Medium or higher. To get a CVE-Id, visit .

Last modified on May 11, 2020, 5:25:46 PM