CVE-2009-0654

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2009-0654

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2009-0654.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2009-0654

Downstream

DEBIAN-CVE-2009-0654

Published

2009-02-20T19:30:00Z

Modified

2026-04-10T03:40:38.453650Z

Summary

[none]

Details

Tor 0.2.0.28, and probably 0.2.0.34 and earlier, allows remote attackers, with control of an entry router and an exit router, to confirm that a sender and receiver are communicating via vectors involving (1) replaying, (2) modifying, (3) inserting, or (4) deleting a single cell, and then observing cell recognition errors at the exit router. NOTE: the vendor disputes the significance of this issue, noting that the product's design "accepted end-to-end correlation as an attack that is too expensive to solve."

References

http://blog.torproject.org/blog/one-cell-enough
http://www.blackhat.com/presentations/bh-dc-09/Fu/BlackHat-DC-09-Fu-Break-Tors-Anonymity.pdf
http://www.blackhat.com/html/bh-dc-09/bh-dc-09-archives.html#Fu

CVE-2009-0654

Affected packages