Tor up to 0.4.6.7 SafeSocks privilege escalation

Summaryinfo

A vulnerability identified as problematic has been detected in Tor. The affected element is an unknown function of the component SafeSocks Handler. Performing a manipulation results in an unknown weakness. This vulnerability is reported as CVE-2023-23589. No exploit exists. You should upgrade the affected component.

Detailsinfo

A vulnerability classified as problematic has been found in Tor (Network Encryption Software). This affects some unknown functionality of the component SafeSocks Handler. The impact remains unknown. The summary by CVE is:

The SafeSocks option in Tor before 0.4.7.13 has a logic error in which the unsafe SOCKS4 protocol can be used but not the safe SOCKS4a protocol, aka TROVE-2022-002.

The weakness was disclosed 01/14/2023 as 40730. It is possible to read the advisory at gitlab.torproject.org. This vulnerability is uniquely identified as CVE-2023-23589 since 01/14/2023. The technical details are unknown and an exploit is not publicly available.

Upgrading to version 0.4.7.13 eliminates this vulnerability. The upgrade is hosted for download at gitlab.torproject.org. Applying the patch a282145b3634547ab84ccd959d0537c021ff7ffc is able to eliminate this problem. The bugfix is ready for download at gitlab.torproject.org. The best possible mitigation is suggested to be upgrading to the latest version.

The vulnerability is also documented in the vulnerability database at EUVD (EUVD-2023-27689). Be aware that VulDB is the high quality source for vulnerability data.

Productinfo

Type

• Network Encryption Software

Name

• Tor

Version

• 0.0.2
• 0.0.9
• 0.0.9.1
• 0.0.9.2
• 0.0.9.3
• 0.0.9.4
• 0.0.9.5
• 0.0.9.6
• 0.0.9.7
• 0.0.9.8
• 0.0.9.9
• 0.0.9.10
• 0.1
• 0.1.0.1
• 0.1.0.2
• 0.1.0.3
• 0.1.0.4
• 0.1.0.5
• 0.1.0.6
• 0.1.0.7
• 0.1.0.8
• 0.1.0.9
• 0.1.0.10
• 0.1.0.11
• 0.1.0.12
• 0.1.0.13
• 0.1.0.14
• 0.1.0.18
• 0.1.1.1 Alpha
• 0.1.1.2 Alpha
• 0.1.1.3 Alpha
• 0.1.1.4 Alpha
• 0.1.1.5 Alpha
• 0.1.1.15
• 0.1.1.20
• 0.1.1.23
• 0.1.1.26
• 0.1.2.1 Alpha-cvs
• 0.1.2.2
• 0.1.2.3
• 0.1.2.4
• 0.1.2.5
• 0.1.2.6
• 0.1.2.7
• 0.1.2.8
• 0.1.2.9
• 0.1.2.10
• 0.1.2.11
• 0.1.2.12
• 0.1.2.13
• 0.1.2.14
• 0.1.2.15
• 0.2.0.4
• 0.2.0.5
• 0.2.0.6
• 0.2.0.10
• 0.2.0.11
• 0.2.0.12
• 0.2.0.13
• 0.2.0.14
• 0.2.0.15
• 0.2.0.16
• 0.2.0.17
• 0.2.0.18
• 0.2.0.19
• 0.2.0.20
• 0.2.0.21
• 0.2.0.22
• 0.2.0.23
• 0.2.0.24
• 0.2.0.25
• 0.2.0.26
• 0.2.0.27
• 0.2.0.28
• 0.2.0.29
• 0.2.0.30
• 0.2.0.31
• 0.2.0.32
• 0.2.0.33
• 0.2.0.35
• 0.2.1.5
• 0.2.1.6
• 0.2.2.1
• 0.2.2.2
• 0.2.2.3
• 0.2.2.4
• 0.2.2.5
• 0.2.2.6
• 0.2.2.35
• 0.2.2.37
• 0.2.2.38
• 0.2.2.39
• 0.2.3.25
• 0.2.4.2
• 0.2.4.3
• 0.2.4.4
• 0.2.4.5
• 0.2.4.6
• 0.2.4.7
• 0.2.4.7-alpha
• 0.2.4.8
• 0.2.4.8-alpha
• 0.2.4.9
• 0.2.4.9-alpha
• 0.2.4.10
• 0.2.4.10-alpha
• 0.2.4.11
• 0.2.4.11-alpha
• 0.2.4.12
• 0.2.4.12-alpha
• 0.2.4.13
• 0.2.4.13-alpha
• 0.2.4.14
• 0.2.4.15
• 0.2.4.15-rc
• 0.2.4.16
• 0.2.4.16-rc
• 0.2.4.17
• 0.2.4.18
• 0.2.4.18-rc
• 0.2.4.19
• 0.2.4.20
• 0.2.4.23
• 0.2.4.26
• 0.2.5
• 0.2.5.1-alpha
• 0.2.5.6-alpha
• 0.2.5.11
• 0.2.5.12
• 0.2.5.16
• 0.2.6.7
• 0.2.8
• 0.2.8.9
• 0.2.8.12
• 0.2.8.14
• 0.2.8.15
• 0.2.8.16
• 0.2.8.17
• 0.2.9
• 0.2.9.3
• 0.2.9.4
• 0.2.9.4-alpha
• 0.2.9.11
• 0.2.9.12
• 0.2.9.13
• 0.2.9.15
• 0.3.0.8
• 0.3.0.9
• 0.3.0.10
• 0.3.0.11
• 0.3.0.12
• 0.3.0.13
• 0.3.1.6
• 0.3.1.7
• 0.3.1.8
• 0.3.1.9
• 0.3.1.10
• 0.3.2.0
• 0.3.2.1-alpha
• 0.3.2.9
• 0.3.2.10
• 0.3.3.12
• 0.3.4.10
• 0.3.4.11
• 0.3.5.7
• 0.3.5.8
• 0.3.5.10
• 0.3.5.16
• 0.4.0.1
• 0.4.0.2
• 0.4.1.8
• 0.4.1.9
• 0.4.2.6
• 0.4.2.7
• 0.4.5.9
• 0.4.5.10
• 0.4.6.5
• 0.4.6.6
• 0.4.6.7

License

• open-source

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Be aware that VulDB is the high quality source for vulnerability data.

Discussion