fkie_nvd - fkie_cve-2009-0939

fkie_cve-2009-0939

Vulnerability from fkie_nvd

Published

2009-03-18 02:00

Modified

2025-04-09 00:30

Severity ?

Summary

Tor before 0.2.0.34 treats incomplete IPv4 addresses as valid, which has unknown impact and attack vectors related to "Spec conformance," as demonstrated using 192.168.0.

References

URL	Tags
cve@mitre.org	http://archives.seul.org/or/announce/Feb-2009/msg00000.html
cve@mitre.org	http://secunia.com/advisories/33880	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/34583
cve@mitre.org	http://security.gentoo.org/glsa/glsa-200904-11.xml
cve@mitre.org	http://www.securityfocus.com/bid/33713
af854a3a-2127-422b-91ae-364da2661108	http://archives.seul.org/or/announce/Feb-2009/msg00000.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/33880	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/34583
af854a3a-2127-422b-91ae-364da2661108	http://security.gentoo.org/glsa/glsa-200904-11.xml
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/33713

Impacted products

Vendor	Product	Version
tor	tor	*
tor	tor	0.2.0.1
tor	tor	0.2.0.2
tor	tor	0.2.0.3
tor	tor	0.2.0.4
tor	tor	0.2.0.5
tor	tor	0.2.0.6
tor	tor	0.2.0.10
tor	tor	0.2.0.11
tor	tor	0.2.0.12
tor	tor	0.2.0.13
tor	tor	0.2.0.14
tor	tor	0.2.0.15
tor	tor	0.2.0.16
tor	tor	0.2.0.17
tor	tor	0.2.0.18
tor	tor	0.2.0.19
tor	tor	0.2.0.20
tor	tor	0.2.0.21
tor	tor	0.2.0.22
tor	tor	0.2.0.23
tor	tor	0.2.0.24
tor	tor	0.2.0.25
tor	tor	0.2.0.26
tor	tor	0.2.0.27
tor	tor	0.2.0.28
tor	tor	0.2.0.29
tor	tor	0.2.0.30
tor	tor	0.2.0.31
tor	tor	0.2.0.32

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:tor:tor:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C390EF7-1A08-4BAD-8DA5-8402AA2AB7AE",
              "versionEndIncluding": "0.2.0.33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tor:tor:0.2.0.1:alpha:*:*:*:*:*:*",
              "matchCriteriaId": "AE5CEE9D-FE82-4E87-AEA0-9A2D8186E522",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tor:tor:0.2.0.2:alpha:*:*:*:*:*:*",
              "matchCriteriaId": "0F3729DD-BFCC-4293-9DE7-B02588753F28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tor:tor:0.2.0.3:alpha:*:*:*:*:*:*",
              "matchCriteriaId": "5D08533D-A187-4C0E-AD4C-41061FB42413",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tor:tor:0.2.0.4:alpha:*:*:*:*:*:*",
              "matchCriteriaId": "7EADACB1-31D9-4297-A1C3-7F281A0AF154",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tor:tor:0.2.0.5:alpha:*:*:*:*:*:*",
              "matchCriteriaId": "D560434E-2636-4C7B-AC6B-A5952123B8F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tor:tor:0.2.0.6:alpha:*:*:*:*:*:*",
              "matchCriteriaId": "AD3334C5-92F3-403D-9116-4559D18F677F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tor:tor:0.2.0.10:alpha:*:*:*:*:*:*",
              "matchCriteriaId": "96BCAA3F-EF7F-457B-8468-A736527A4F5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tor:tor:0.2.0.11:alpha:*:*:*:*:*:*",
              "matchCriteriaId": "4D706AEC-0814-4706-BA4C-6FED01AA4D60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tor:tor:0.2.0.12:alpha:*:*:*:*:*:*",
              "matchCriteriaId": "53FCE242-9B64-4D71-BBB3-8085F7FBA8F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tor:tor:0.2.0.13:alpha:*:*:*:*:*:*",
              "matchCriteriaId": "A9FD6A26-7219-4958-B959-C6365193F839",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tor:tor:0.2.0.14:alpha:*:*:*:*:*:*",
              "matchCriteriaId": "F6307EF6-1449-43B2-A3B8-DF0EA3A6985F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tor:tor:0.2.0.15:alpha:*:*:*:*:*:*",
              "matchCriteriaId": "78C0FF05-0E18-4C48-BE3E-FBC881F468D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tor:tor:0.2.0.16:alpha:*:*:*:*:*:*",
              "matchCriteriaId": "B0C32845-BAB4-422A-B1BA-568793B4E935",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tor:tor:0.2.0.17:alpha:*:*:*:*:*:*",
              "matchCriteriaId": "0159DCD6-3C52-4B4C-82EC-4E699366E917",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tor:tor:0.2.0.18:alpha:*:*:*:*:*:*",
              "matchCriteriaId": "9E245295-3EF6-4E6D-8D44-D45B8A198E61",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tor:tor:0.2.0.19:alpha:*:*:*:*:*:*",
              "matchCriteriaId": "38DA0AF4-C053-4EEC-AA37-5089C9E6C778",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tor:tor:0.2.0.20:alpha:*:*:*:*:*:*",
              "matchCriteriaId": "7C8EE453-2FAC-4927-AC89-C92B2A947E75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tor:tor:0.2.0.21:alpha:*:*:*:*:*:*",
              "matchCriteriaId": "7AE434E6-63E1-44B0-AA79-BBDABC040234",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tor:tor:0.2.0.22:alpha:*:*:*:*:*:*",
              "matchCriteriaId": "7BC742E5-CA75-43E4-BCD5-54B712CF205E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tor:tor:0.2.0.23:alpha:*:*:*:*:*:*",
              "matchCriteriaId": "DADA7B77-7DBE-4A62-BE4A-83975D4D7311",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tor:tor:0.2.0.24:alpha:*:*:*:*:*:*",
              "matchCriteriaId": "30D57B03-30FE-48E8-B6BA-77538F067D6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tor:tor:0.2.0.25:alpha:*:*:*:*:*:*",
              "matchCriteriaId": "A0E6BD04-775B-4EDE-BF3E-2896BB59F895",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tor:tor:0.2.0.26:alpha:*:*:*:*:*:*",
              "matchCriteriaId": "7900A51A-4E1E-412C-945E-DAB21078BD4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tor:tor:0.2.0.27:alpha:*:*:*:*:*:*",
              "matchCriteriaId": "2B68CEAF-2287-4C1B-A147-DD718E7C6418",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tor:tor:0.2.0.28:alpha:*:*:*:*:*:*",
              "matchCriteriaId": "BD3CE396-518B-465F-AB91-6572601F0C89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tor:tor:0.2.0.29:alpha:*:*:*:*:*:*",
              "matchCriteriaId": "B70887CA-5A54-410D-B9B4-84EE31899FBC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tor:tor:0.2.0.30:alpha:*:*:*:*:*:*",
              "matchCriteriaId": "C538F301-D9A9-48CC-AB77-AD073935D1CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tor:tor:0.2.0.31:alpha:*:*:*:*:*:*",
              "matchCriteriaId": "CFC42FE4-48BE-4EF2-900F-401CF34F113E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tor:tor:0.2.0.32:alpha:*:*:*:*:*:*",
              "matchCriteriaId": "95E17189-F12A-4914-AEDC-52345D097A9A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Tor before 0.2.0.34 treats incomplete IPv4 addresses as valid, which has unknown impact and attack vectors related to \"Spec conformance,\" as demonstrated using 192.168.0."
    },
    {
      "lang": "es",
      "value": "Tor anterior a v0.2.0.34 trata direcciones IPv4 incompletas como validas, lo que tiene un impacto desconocido y vectores de ataque relacionados con \"Spec conformance,\" como se ha demostrado utilizando 192.168.0."
    }
  ],
  "id": "CVE-2009-0939",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": true,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-03-18T02:00:08.233",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://archives.seul.org/or/announce/Feb-2009/msg00000.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/33880"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/34583"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://security.gentoo.org/glsa/glsa-200904-11.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/33713"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://archives.seul.org/or/announce/Feb-2009/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/33880"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/34583"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-200904-11.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/33713"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2009-0939 (GCVE-0-2009-0939)

Vulnerability from cvelistv5

Published

2009-03-18 01:00