Tor Out-of-Bounds Read Vulnerability in Cell Handling

Vulnerability

A vulnerability in Tor versions prior to 0.4.9.7 allows an out-of-bounds read during cell handling. The issue occurs when END, TRUNCATE, or TRUNCATED cells are received without a reason in their payload. The vulnerability is tracked as TROVE-2026-011.
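The bug class described above, as an added example that is not Tor's source code: a parser that reads a reason byte must first confirm the payload actually contains one. The message struct, command codes, status codes and default reason value are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Illustrative constants and layout; assumptions, not taken from Tor. */
enum { CMD_END = 3, CMD_TRUNCATE = 8, CMD_TRUNCATED = 9 };
enum { REASON_UNSPECIFIED = 0 }; /* hypothetical default when none is sent */
enum { PARSE_OK = 0, PARSE_NOT_REASON_CELL = -1, PARSE_BAD_LENGTH = -2 };

typedef struct {
    uint8_t command;
    uint16_t declared_len; /* length field from the wire, untrusted */
    const uint8_t *body;   /* payload bytes actually received */
    size_t body_avail;     /* number of bytes really present at body */
} relay_msg_t;

/* Flawed pattern: assumes a reason byte is always present. With an empty
 * payload this reads past the data that was received. */
uint8_t reason_unchecked(const relay_msg_t *m) {
    return m->body[0];
}

/* Hardened pattern: validate the declared length against what is present,
 * then read the reason only if the payload holds at least one byte. */
int reason_checked(const relay_msg_t *m, uint8_t *reason_out) {
    size_t avail = m->body ? m->body_avail : 0;
    if (m->command != CMD_END && m->command != CMD_TRUNCATE &&
        m->command != CMD_TRUNCATED)
        return PARSE_NOT_REASON_CELL;
    if (m->declared_len > avail)
        return PARSE_BAD_LENGTH;   /* length field lies about the payload */
    *reason_out = m->declared_len ? m->body[0] : REASON_UNSPECIFIED;
    return PARSE_OK;
}

int main(void) {
    /* Constructed sample: an END message that carries no reason byte. */
    relay_msg_t empty_end = { CMD_END, 0, NULL, 0 };
    uint8_t reason = 0xff;
    int rc = reason_checked(&empty_end, &reason);
    printf("rc=%d reason=%u\n", rc, (unsigned)reason);
    return rc == PARSE_OK ? 0 : 1;
}
```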

Impact

Triggering this vulnerability causes an out-of-bounds read, which can potentially lead to a denial of service or to disclosure of sensitive memory contents.

Remediation

Users are advised to upgrade to Tor version 0.4.9.7, which addresses this vulnerability. Instructions for downloading the latest version can be found on the Tor Project's official website.

Added: May 7, 2026, 1:20 AM
Updated: May 7, 2026, 1:20 AM

Vulnerability Rating

Custom Algorithm

spread: 6.6
impact: 0.6
exploitability: 5.3
remediation: 7.7
relevance: 7.7
threat: 3.2
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.