Tor 0.4.7.8 Update Addresses Security Vulnerability

A corrective release of the Tor toolkit, version 0.4.7.8, has been published. Tor is widely used to enable anonymous networking. This new version fixes a vulnerability (CVE-2022-33903) that could allow remote attackers to trigger a denial of service. There is also a potential impact on user anonymity, although specific details have not been disclosed until package updates are available in major distributions.

The only information provided so far is that a remote attacker could influence bandwidth prediction in the RTT Congestion Control protocol implementation. This could lead to reduced performance for clients, onion services, and relay nodes.

The release announcement also mentions an older vulnerability, CVE-2021-38385, which was previously fixed in earlier branches. That issue could cause the process to terminate due to an assert check failure if there was a mismatch in digital signature verification between individual and batch modes.

Source

Onion Market — a free peer-to-peer exchange on Telegram. We support XMR, BTC, and USDT.TRC20.