CVE-2007-4098

critical

Description

Tor before 0.1.2.15 does not properly distinguish "streamids from different exits," which might allow remote attackers with control over Tor routers to inject cells into arbitrary streams.

References

http://www.vupen.com/english/advisories/2007/2634

http://www.securityfocus.com/bid/25035

http://secunia.com/advisories/26140

http://osvdb.org/46970

http://archives.seul.org/or/announce/Jul-2007/msg00000.html

Details

Source: Mitre, NVD

Published: 2007-07-30

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 5.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Severity: Critical

EPSS

EPSS: 0.00768

Detections

Analytics