DEBIAN-CVE-2020-8516

Source
https://security-tracker.debian.org/tracker/CVE-2020-8516
Import Source
https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2020-8516.json
JSON Data
https://api.osv.dev/v1/vulns/DEBIAN-CVE-2020-8516
Upstream
Published
2020-02-02T13:15:10.903Z
Modified
2025-11-19T01:06:26.114549Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
[none]
Details

The daemon in Tor through 0.4.1.8 and 0.4.2.x through 0.4.2.6 does not verify that a rendezvous node is known before attempting to connect to it, which might make it easier for remote attackers to discover circuit information. NOTE: The network team of Tor claims this is an intended behavior and not a vulnerability.

Affected packages

Debian:11 / tor

Package

Name
tor
Purl
pkg:deb/debian/tor?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

0.*
0.4.5.9-1
0.4.5.10-1~bpo10+1
0.4.5.10-1~deb11u1
0.4.5.10-1
0.4.5.16-1
0.4.6.2-alpha-1
0.4.6.3-rc-1
0.4.6.4-rc-1
0.4.6.6-1
0.4.6.7-1
0.4.6.8-1~bpo10+2
0.4.6.8-1~bpo11+2
0.4.6.8-1
0.4.6.9-1
0.4.6.10-1~bpo10+1
0.4.6.10-1~bpo11+1
0.4.6.10-1
0.4.7.3-alpha-1
0.4.7.4-alpha-1
0.4.7.5-alpha-1
0.4.7.6-rc-1
0.4.7.7-1~bpo10+1
0.4.7.7-1~bpo11+1
0.4.7.7-1
0.4.7.8-1~bpo10+1
0.4.7.8-1~bpo11+1
0.4.7.8-1
0.4.7.9-1
0.4.7.10-1~bpo10+1
0.4.7.10-1~bpo11+1
0.4.7.10-1
0.4.7.11-1~bpo11+1
0.4.7.11-1
0.4.7.12-1
0.4.7.13-1~bpo11+1
0.4.7.13-1
0.4.7.16-1
0.4.8.4-2
0.4.8.5-1
0.4.8.6-1
0.4.8.7-1
0.4.8.8-1
0.4.8.9-1~bpo11+1
0.4.8.9-1~bpo12+1
0.4.8.9-1
0.4.8.10-1~bpo11+1
0.4.8.10-1~bpo12+1
0.4.8.10-1
0.4.8.11-1~bpo11+1
0.4.8.11-1~bpo12+1
0.4.8.11-1
0.4.8.12-1~bpo11+1
0.4.8.12-1~bpo12+1
0.4.8.12-1
0.4.8.12-1.1
0.4.8.13-1
0.4.8.13-2~bpo12+1
0.4.8.13-2
0.4.8.14-1~bpo12+1
0.4.8.14-1
0.4.8.16-1
0.4.8.21-1~bpo12+1
0.4.8.21-1~bpo13+1
0.4.8.21-1~bpo13+2
0.4.8.21-1
0.4.8.22-1~bpo12+1
0.4.8.22-1~bpo13+1
0.4.8.22-1
0.4.9.5-1
0.4.9.5-2

Ecosystem specific

{
    "urgency": "unimportant"
}

Database specific

source
"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2020-8516.json"

Debian:12 / tor

Package

Name
tor
Purl
pkg:deb/debian/tor?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

0.*
0.4.7.13-1
0.4.7.16-1
0.4.8.4-2
0.4.8.5-1
0.4.8.6-1
0.4.8.7-1
0.4.8.8-1
0.4.8.9-1~bpo11+1
0.4.8.9-1~bpo12+1
0.4.8.9-1
0.4.8.10-1~bpo11+1
0.4.8.10-1~bpo12+1
0.4.8.10-1
0.4.8.11-1~bpo11+1
0.4.8.11-1~bpo12+1
0.4.8.11-1
0.4.8.12-1~bpo11+1
0.4.8.12-1~bpo12+1
0.4.8.12-1
0.4.8.12-1.1
0.4.8.13-1
0.4.8.13-2~bpo12+1
0.4.8.13-2
0.4.8.14-1~bpo12+1
0.4.8.14-1
0.4.8.16-1
0.4.8.21-1~bpo12+1
0.4.8.21-1~bpo13+1
0.4.8.21-1~bpo13+2
0.4.8.21-1
0.4.8.22-1~bpo12+1
0.4.8.22-1~bpo13+1
0.4.8.22-1
0.4.9.5-1
0.4.9.5-2

Ecosystem specific

{
    "urgency": "unimportant"
}

Database specific

source
"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2020-8516.json"

Debian:13 / tor

Package

Name
tor
Purl
pkg:deb/debian/tor?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

0.*
0.4.8.16-1
0.4.8.21-1~bpo12+1
0.4.8.21-1~bpo13+1
0.4.8.21-1~bpo13+2
0.4.8.21-1
0.4.8.22-1~bpo12+1
0.4.8.22-1~bpo13+1
0.4.8.22-1
0.4.9.5-1
0.4.9.5-2

Ecosystem specific

{
    "urgency": "unimportant"
}

Database specific

source
"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2020-8516.json"

Debian:14 / tor

Package

Name
tor
Purl
pkg:deb/debian/tor?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

0.*
0.4.8.16-1
0.4.8.21-1~bpo12+1
0.4.8.21-1~bpo13+1
0.4.8.21-1~bpo13+2
0.4.8.21-1
0.4.8.22-1~bpo12+1
0.4.8.22-1~bpo13+1
0.4.8.22-1
0.4.9.5-1
0.4.9.5-2

Ecosystem specific

{
    "urgency": "unimportant"
}

Database specific

source
"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2020-8516.json"