CVE-2021-39246
- Source
- https://cve.org/CVERecord?id=CVE-2021-39246
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-39246.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2021-39246
- Published
- 2021-09-24T19:15:07.147Z
- Modified
- 2026-04-11T21:23:18.225502Z
- Severity
-
- 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS Calculator
- Summary
- [none]
- Details
-
Tor Browser through 10.5.6 and 11.x through 11.0a4 allows a correlation attack that can compromise the privacy of visits to v2 onion addresses. Exact timestamps of these onion-service visits are logged locally, and an attacker might be able to compare them to timestamp data collected by the destination server (or collected by a rogue site within the Tor network).
- References
-
- https://gitlab.torproject.org/tpo/core/tor/-/merge_requests/434
- https://www.privacyaffairs.com/cve-2021-39246-tor-vulnerability
- https://gitlab.torproject.org/tpo/core/tor/-/commit/80c404c4b79f3bcba3fc4585d4c62a62a04f3ed9
- https://github.com/sickcodes/security/blob/master/advisories/SICK-2021-111.md
- https://sick.codes/sick-2021-111
Affected packages
Git / gitlab.torproject.org/tpo/core/tor
Affected ranges
- Type
- GIT
- Repo
- https://gitlab.torproject.org/tpo/core/tor
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
- Type
- GIT
- Repo
- https://gitlab.torproject.org/tpo/core/tor
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
debian-version-0.*
debian-version-0.0.1+0.0.2pre19-1
debian-version-0.0.1+0.0.2pre20-1
debian-version-0.0.1+0.0.2pre20-2
debian-version-0.0.1+0.0.2pre21-1
debian-version-0.0.1+0.0.2pre22-1
debian-version-0.0.1+0.0.2pre23-1
debian-version-0.0.1+0.0.2pre24-1
debian-version-0.0.1+0.0.2pre25-1
debian-version-0.0.1+0.0.2pre26-1
debian-version-0.0.1+0.0.2pre27-1
debian-version-0.0.2-1
debian-version-0.0.3-1
debian-version-0.0.4-1
debian-version-0.0.5+0.0.6rc2-1
debian-version-0.0.5+0.0.6rc3-1
debian-version-0.0.5+0.0.6rc4-1
debian-version-0.0.5-1
debian-version-0.0.6-1
debian-version-0.0.6.1-1
debian-version-0.0.6.2-1
debian-version-0.0.7+0.0.8rc1-1
debian-version-0.0.7-1
debian-version-0.0.7.1-1
debian-version-0.0.7.2+0.0.8pre2-1
debian-version-0.0.7.2+0.0.8pre3-1
debian-version-0.0.8+0.0.9pre1-1
debian-version-0.0.8+0.0.9pre2-1
debian-version-0.0.8+0.0.9pre3-1
debian-version-0.0.8+0.0.9pre4-1
debian-version-0.0.8+0.0.9pre5-1
debian-version-0.0.8+0.0.9pre5-2
debian-version-0.0.8+0.0.9pre6-1
debian-version-0.0.8+0.0.9rc1-1
debian-version-0.0.8+0.0.9rc2-1
debian-version-0.0.8+0.0.9rc3-1
debian-version-0.0.8+0.0.9rc5-1
debian-version-0.0.8+0.0.9rc6-1
debian-version-0.0.8+0.0.9rc7-1
debian-version-0.0.8-1
debian-version-0.0.9.1-1
debian-version-0.0.9.10-1
debian-version-0.0.9.2-1
debian-version-0.0.9.3-1
debian-version-0.0.9.4-1
debian-version-0.0.9.5-1
debian-version-0.0.9.6-1
debian-version-0.0.9.7-1
debian-version-0.0.9.8-1
debian-version-0.0.9.9-1
debian-version-0.1.0.1-rc-cvs-200503310807-1
debian-version-0.1.0.1-rc-cvs-200504010815-1
debian-version-0.1.0.10-0-pre.1
debian-version-0.1.0.11-0-pre.1
debian-version-0.1.0.11-1
debian-version-0.1.0.12-1
debian-version-0.1.0.13-1
debian-version-0.1.0.14-1
debian-version-0.1.0.14-2
debian-version-0.1.0.15-1
debian-version-0.1.0.16-1
debian-version-0.1.0.17-1
debian-version-0.1.0.2-rc-200504011500-1
debian-version-0.1.0.2-rc-200504011640-1
debian-version-0.1.0.2-rc-cvs-200504031300-1
debian-version-0.1.0.2-rc-cvs-200504061620-1
debian-version-0.1.0.2-rc-cvs-200504062112-1
debian-version-0.1.0.3-rc-200504080730-1
debian-version-0.1.0.3-rc-200504231430-1
debian-version-0.1.0.3-rc-cvs-200504231630-1
debian-version-0.1.0.4-rc-200504232130-1
debian-version-0.1.0.5-rc-200504272000-1
debian-version-0.1.0.7-rc-200505171420-1
debian-version-0.1.0.8-rc-1
debian-version-0.1.0.9-rc-1
debian-version-0.1.1.10-alpha-1
debian-version-0.1.1.11-alpha-1
debian-version-0.1.1.12-alpha-1
debian-version-0.1.1.13-alpha-1
debian-version-0.1.1.14-alpha-1
debian-version-0.1.1.15-rc-1
debian-version-0.1.1.16-rc-1
debian-version-0.1.1.17-rc-1
debian-version-0.1.1.18-rc-1
debian-version-0.1.1.19-rc-1
debian-version-0.1.1.20-1
debian-version-0.1.1.21-1
debian-version-0.1.1.22-1
debian-version-0.1.1.5-alpha-1
debian-version-0.1.1.6-alpha-1
debian-version-0.1.1.6-alpha-2
debian-version-0.1.1.7-alpha-1
debian-version-0.1.1.8-alpha-1
debian-version-0.1.1.9-alpha-1
tor-0.*
tor-0.0.2
tor-0.0.2pre13
tor-0.0.2pre14
tor-0.0.2pre16
tor-0.0.2pre17
tor-0.0.2pre18
tor-0.0.2pre19
tor-0.0.2pre20
tor-0.0.2pre22
tor-0.0.2pre23
tor-0.0.2pre24
tor-0.0.2pre25
tor-0.0.2pre27
tor-0.0.2pre8
tor-0.0.3
tor-0.0.4
tor-0.0.5
tor-0.0.6
tor-0.0.6.1
tor-0.0.6.2
tor-0.0.6incompat-merged
tor-0.0.7
tor-0.0.7.1
tor-0.0.7.2
tor-0.0.7rc1
tor-0.0.8
tor-0.0.8.1
tor-0.0.8pre1
tor-0.0.8pre2
tor-0.0.8pre3
tor-0.0.8rc1
tor-0.0.8rc2
tor-0.0.9
tor-0.0.9.1
tor-0.0.9.10
tor-0.0.9.2
tor-0.0.9.3
tor-0.0.9.5
tor-0.0.9.6
tor-0.0.9.7
tor-0.0.9.9
tor-0.0.9pre1
tor-0.0.9pre2
tor-0.0.9pre3
tor-0.0.9pre4
tor-0.0.9pre5
tor-0.0.9pre6
tor-0.0.9rc1
tor-0.0.9rc2
tor-0.0.9rc3
tor-0.0.9rc4
tor-0.0.9rc5
tor-0.0.9rc6
tor-0.0.9rc7
tor-0.1.0.1-rc
tor-0.1.0.10
tor-0.1.0.11
tor-0.1.0.12
tor-0.1.0.13
tor-0.1.0.14
tor-0.1.0.15
tor-0.1.0.16
tor-0.1.0.17
tor-0.1.0.2-rc
tor-0.1.0.4-rc
tor-0.1.0.5-rc
tor-0.1.0.6-rc
tor-0.1.0.7-rc
tor-0.1.0.9-rc
tor-0.1.1.1-alpha
tor-0.1.1.10-alpha
tor-0.1.1.11-alpha
tor-0.1.1.12-alpha
tor-0.1.1.13-alpha
tor-0.1.1.14-alpha
tor-0.1.1.15-rc
tor-0.1.1.16-rc
tor-0.1.1.17-rc
tor-0.1.1.18-rc
tor-0.1.1.19-rc
tor-0.1.1.2-alpha
tor-0.1.1.20
tor-0.1.1.21
tor-0.1.1.22
tor-0.1.1.4-alpha
tor-0.1.1.5-alpha
tor-0.1.1.6-alpha
tor-0.1.1.7-alpha
tor-0.1.1.8-alpha
tor-0.1.1.9-alpha
tor-0.1.2.1-alpha
tor-0.1.2.2-alpha
tor-0.1.2.3-alpha
tor-0.1.2.4-alpha
tor-0.1.2.5-alpha
tor-0.1.2.6-alpha
tor-0.1.2.7-alpha
tor-0.1.2.8-beta
tor-0.1.2.9-rc
tor-0.2.0.1-alpha
tor-0.2.0.10-alpha
tor-0.2.0.11-alpha
tor-0.2.0.12-alpha
tor-0.2.0.13-alpha
tor-0.2.0.14-alpha
tor-0.2.0.15-alpha
tor-0.2.0.16-alpha
tor-0.2.0.17-alpha
tor-0.2.0.18-alpha
tor-0.2.0.19-alpha
tor-0.2.0.2-alpha
tor-0.2.0.20-rc
tor-0.2.0.3-alpha
tor-0.2.0.4-alpha@11197
tor-0.2.0.5-alpha
tor-0.2.0.6-alpha
tor-0.2.0.7-alpha
tor-0.2.0.8-alpha
tor-0.2.0.9-alpha
tor-0.2.1.1-alpha
tor-0.2.1.10-alpha
tor-0.2.1.11-alpha
tor-0.2.1.13-alpha
tor-0.2.1.14-rc
tor-0.2.1.2-alpha
tor-0.2.1.3-alpha
tor-0.2.1.4-alpha
tor-0.2.1.5-alpha
tor-0.2.1.6-alpha
tor-0.2.1.7-alpha
tor-0.2.1.8-alpha
tor-0.2.1.9-alpha
tor-0.2.2.1-alpha
tor-0.2.2.10-alpha
tor-0.2.2.11-alpha
tor-0.2.2.12-alpha
tor-0.2.2.13-alpha
tor-0.2.2.14-alpha
tor-0.2.2.15-alpha
tor-0.2.2.16-alpha
tor-0.2.2.2-alpha
tor-0.2.2.3-alpha
tor-0.2.2.4-alpha
tor-0.2.2.5-alpha
tor-0.2.2.6-alpha
tor-0.2.2.7-alpha
tor-0.2.2.8-alpha
tor-0.2.2.9-alpha
tor-0.2.3.1-alpha
tor-0.2.3.10-alpha
tor-0.2.3.11-alpha
tor-0.2.3.12-alpha
tor-0.2.3.13-alpha
tor-0.2.3.14-alpha
tor-0.2.3.15-alpha
tor-0.2.3.16-alpha
tor-0.2.3.17-beta
tor-0.2.3.2-alpha
tor-0.2.3.3-alpha
tor-0.2.3.4-alpha
tor-0.2.3.5-alpha
tor-0.2.3.6-alpha
tor-0.2.3.7-alpha
tor-0.2.3.8-alpha
tor-0.2.3.9-alpha
tor-0.2.4.1-alpha
tor-0.2.4.10-alpha
tor-0.2.4.2-alpha
tor-0.2.4.3-alpha
tor-0.2.4.4-alpha
tor-0.2.4.5-alpha
tor-0.2.4.6-alpha
tor-0.2.4.7-alpha
tor-0.2.4.8-alpha
tor-0.2.4.9-alpha
tor-0.2.5.1-alpha
tor-0.2.5.2-alpha
tor-0.2.5.3-alpha
tor-0.2.5.4-alpha
tor-0.2.5.5-alpha
tor-0.2.6.1-alpha
tor-0.2.6.2-alpha
tor-0.2.6.3-alpha
tor-0.2.7.0-root
tor-0.2.7.1-alpha
tor-0.2.7.2-alpha
tor-0.2.7.3-rc
tor-0.2.8.1-alpha
tor-0.2.8.2-alpha
tor-0.2.9.0-root
tor-0.2.9.1-alpha
tor-0.2.9.2-alpha
tor-0.2.9.3-alpha
tor-0.2.9.4-alpha
tor-0.3.0.1-alpha
tor-0.3.0.2-alpha
tor-0.3.0.3-alpha
tor-0.3.1.1-alpha
tor-0.3.1.2-alpha
tor-0.3.1.3-alpha
tor-0.3.2.1-alpha
tor-0.3.2.2-alpha
tor-0.3.3.0-alpha-dev
tor-0.3.3.1-alpha
tor-0.3.3.2-alpha
tor-0.3.4.0-alpha-dev
tor-0.3.4.1-alpha
tor-0.3.4.2-alpha
tor-0.3.5.0-alpha-dev
tor-0.3.5.1-alpha
tor-0.3.5.2-alpha
tor-0.3.5.3-alpha
tor-0.4.0.1-alpha
tor-0.4.1.0-alpha-dev
tor-0.4.1.1-alpha
tor-0.4.1.2-alpha
tor-0.4.2.1-alpha
tor-0.4.2.2-alpha
tor-0.4.3.0-alpha-dev
tor-0.4.3.1-alpha
tor-0.4.3.2-alpha
tor-0.4.4.0-alpha-dev
tor-0.4.5.0-alpha-dev
tor-0.4.5.1-alpha
Database specific
vanir_signatures_modified
"2026-04-11T21:23:18Z"
vanir_signatures
[
{
"id": "CVE-2021-39246-8a8397d2",
"target": {
"file": "src/core/or/connection_edge.c",
"function": "connection_ap_handshake_rewrite_and_attach"
},
"deprecated": false,
"digest": {
"function_hash": "270670856525417116219992913658386403585",
"length": 8629.0
},
"signature_type": "Function",
"source": "https://gitlab.torproject.org/tpo/core/tor@80c404c4b79f3bcba3fc4585d4c62a62a04f3ed9",
"signature_version": "v1"
},
{
"id": "CVE-2021-39246-f2d89d57",
"target": {
"file": "src/core/or/connection_edge.c"
},
"deprecated": false,
"digest": {
"line_hashes": [
"208357041382853836769027119441242105408",
"140778957979783126231207539226265898353",
"321796730246266014274177898922617126753",
"320548936161662153568767541826974652117"
],
"threshold": 0.9
},
"signature_type": "Line",
"source": "https://gitlab.torproject.org/tpo/core/tor@80c404c4b79f3bcba3fc4585d4c62a62a04f3ed9",
"signature_version": "v1"
}
]
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-39246.json"
unresolved_ranges
[
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.5.6"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "11.0-alpha2"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "11.0-alpha4"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.5.6"
}
]
},
{
"events": [
{
"introduced": "11.x"
},
{
"last_affected": "11.0a4"
}
]
}
]