DEBIAN-CVE-2009-0654
- Source
- https://security-tracker.debian.org/tracker/CVE-2009-0654
- Import Source
- https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2009-0654.json
- JSON Data
- https://api.osv.dev/v1/vulns/DEBIAN-CVE-2009-0654
- Upstream
- Published
- 2009-02-20T19:30:00.313Z
- Modified
- 2026-04-28T20:11:03.416455Z
- Summary
- [none]
- Details
-
Tor 0.2.0.28, and probably 0.2.0.34 and earlier, allows remote attackers, with control of an entry router and an exit router, to confirm that a sender and receiver are communicating via vectors involving (1) replaying, (2) modifying, (3) inserting, or (4) deleting a single cell, and then observing cell recognition errors at the exit router. NOTE: the vendor disputes the significance of this issue, noting that the product's design "accepted end-to-end correlation as an attack that is too expensive to solve."
- References
Affected packages
Debian:11 / tor
Package
- Name
- tor
- Purl
- pkg:deb/debian/tor?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
0.*
0.4.5.9-1
0.4.5.10-1~bpo10+1
0.4.5.10-1~deb11u1
0.4.5.10-1
0.4.5.16-1
0.4.6.2-alpha-1
0.4.6.3-rc-1
0.4.6.4-rc-1
0.4.6.6-1
0.4.6.7-1
0.4.6.8-1~bpo10+2
0.4.6.8-1~bpo11+2
0.4.6.8-1
0.4.6.9-1
0.4.6.10-1~bpo10+1
0.4.6.10-1~bpo11+1
0.4.6.10-1
0.4.7.3-alpha-1
0.4.7.4-alpha-1
0.4.7.5-alpha-1
0.4.7.6-rc-1
0.4.7.7-1~bpo10+1
0.4.7.7-1~bpo11+1
0.4.7.7-1
0.4.7.8-1~bpo10+1
0.4.7.8-1~bpo11+1
0.4.7.8-1
0.4.7.9-1
0.4.7.10-1~bpo10+1
0.4.7.10-1~bpo11+1
0.4.7.10-1
0.4.7.11-1~bpo11+1
0.4.7.11-1
0.4.7.12-1
0.4.7.13-1~bpo11+1
0.4.7.13-1
0.4.7.16-1
0.4.8.4-2
0.4.8.5-1
0.4.8.6-1
0.4.8.7-1
0.4.8.8-1
0.4.8.9-1~bpo11+1
0.4.8.9-1~bpo12+1
0.4.8.9-1
0.4.8.10-1~bpo11+1
0.4.8.10-1~bpo12+1
0.4.8.10-1
0.4.8.11-1~bpo11+1
0.4.8.11-1~bpo12+1
0.4.8.11-1
0.4.8.12-1~bpo11+1
0.4.8.12-1~bpo12+1
0.4.8.12-1
0.4.8.12-1.1
0.4.8.13-1
0.4.8.13-2~bpo12+1
0.4.8.13-2
0.4.8.14-1~bpo12+1
0.4.8.14-1
0.4.8.16-1
0.4.8.21-1~bpo12+1
0.4.8.21-1~bpo13+1
0.4.8.21-1~bpo13+2
0.4.8.21-1
0.4.8.22-1~bpo12+1
0.4.8.22-1~bpo13+1
0.4.8.22-1
0.4.9.5-1
0.4.9.5-2~bpo12+1
0.4.9.5-2~bpo13+1
0.4.9.5-2
0.4.9.6-1~bpo12+1
0.4.9.6-1~bpo13+1
0.4.9.6-1
Debian:12 / tor
Package
- Name
- tor
- Purl
- pkg:deb/debian/tor?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
0.*
0.4.7.13-1
0.4.7.16-1
0.4.8.4-2
0.4.8.5-1
0.4.8.6-1
0.4.8.7-1
0.4.8.8-1
0.4.8.9-1~bpo11+1
0.4.8.9-1~bpo12+1
0.4.8.9-1
0.4.8.10-1~bpo11+1
0.4.8.10-1~bpo12+1
0.4.8.10-1
0.4.8.11-1~bpo11+1
0.4.8.11-1~bpo12+1
0.4.8.11-1
0.4.8.12-1~bpo11+1
0.4.8.12-1~bpo12+1
0.4.8.12-1
0.4.8.12-1.1
0.4.8.13-1
0.4.8.13-2~bpo12+1
0.4.8.13-2
0.4.8.14-1~bpo12+1
0.4.8.14-1
0.4.8.16-1
0.4.8.21-1~bpo12+1
0.4.8.21-1~bpo13+1
0.4.8.21-1~bpo13+2
0.4.8.21-1
0.4.8.22-1~bpo12+1
0.4.8.22-1~bpo13+1
0.4.8.22-1
0.4.9.5-1
0.4.9.5-2~bpo12+1
0.4.9.5-2~bpo13+1
0.4.9.5-2
0.4.9.6-0+deb12u1
0.4.9.6-1~bpo12+1
0.4.9.6-1~bpo13+1
0.4.9.6-1
Debian:13 / tor
Package
- Name
- tor
- Purl
- pkg:deb/debian/tor?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Debian:14 / tor
Package
- Name
- tor
- Purl
- pkg:deb/debian/tor?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected