The SafeSocks option in Tor before 0.4.7.13 has a logic error in which the unsafe SOCKS4 protocol can be used but not the safe SOCKS4a protocol, aka TROVE-2022-002.
{
"versions": [
{
"introduced": "0"
},
{
"fixed": "0.4.7.13"
}
]
}[
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"307772956096745468774975246938715356079",
"147044844402957694550310823875177869918",
"93200883094845881502080359252066234921",
"305305595534529948475529125665439507443"
]
},
"deprecated": false,
"id": "CVE-2023-23589-251611a3",
"signature_version": "v1",
"target": {
"file": "src/core/proto/proto_socks.c"
},
"signature_type": "Line",
"source": "https://gitlab.torproject.org/tpo/core/tor@a282145b3634547ab84ccd959d0537c021ff7ffc"
},
{
"digest": {
"length": 1009.0,
"function_hash": "98386025198757503419272516431704592524"
},
"deprecated": false,
"id": "CVE-2023-23589-7ff62677",
"signature_version": "v1",
"target": {
"file": "src/core/proto/proto_socks.c",
"function": "process_socks4_request"
},
"signature_type": "Function",
"source": "https://gitlab.torproject.org/tpo/core/tor@a282145b3634547ab84ccd959d0537c021ff7ffc"
}
]
[
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "11.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "36"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "37"
}
]
}
]
"2026-04-12T06:21:02Z"
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-23589.json"