Tor
cpe:2.3:a:torproject:tor:*:*:*:*:*:*:*
- < 0.4.9.7
A vulnerability exists in Tor versions prior to 0.4.9.7, where the accounting of the conflux out-of-order queue is improperly managed during the queue clearing process. This issue can lead to incorrect byte allocation accounting, particularly when a conflux set is dismantled while out-of-order cells are still queued.
The vulnerability can cause an out-of-bounds read and disrupt proper cell handling within the Tor network, potentially leading to memory management issues.
The vulnerability can be reproduced by creating a conflux set and allowing out-of-order cells to accumulate in the queue. Afterward, the conflux set can be torn down, which should ideally clear the queue and reset the accounting. However, due to the vulnerability, the accounting does not return to zero, even if the queue is not empty.
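The accounting drift described above can be modelled in a few lines of C. This is an added illustration, not Tor's source code: the type and function names, the process-wide counter and the 514-byte per-cell cost are all assumptions made for the example, and it models only the counter behaviour, not the out-of-bounds read.

```c
#include <stdio.h>
#include <stdlib.h>

/* Simplified model, not Tor source: every name below is hypothetical. */
#define CELL_COST 514u                 /* assumed per-cell cost in bytes */
typedef struct ooo_cell { struct ooo_cell *next; } ooo_cell_t;
typedef struct { ooo_cell_t *head; size_t queued_bytes; } conflux_set_t;
static size_t total_ooo_bytes;         /* assumed process-wide counter */

/* Queue one out-of-order cell and charge it to both counters. */
static int ooo_enqueue(conflux_set_t *s) {
    ooo_cell_t *c = malloc(sizeof(*c));
    if (!c) return -1;
    c->next = s->head;
    s->head = c;
    s->queued_bytes += CELL_COST;
    total_ooo_bytes += CELL_COST;
    return 0;
}

/* Flawed teardown: frees the cells but never credits the total back. */
static void teardown_flawed(conflux_set_t *s) {
    while (s->head) {
        ooo_cell_t *c = s->head;
        s->head = c->next;
        free(c);
    }
    s->queued_bytes = 0;
}

/* Corrected teardown: each freed cell is subtracted from both counters. */
static void teardown_fixed(conflux_set_t *s) {
    while (s->head) {
        ooo_cell_t *c = s->head;
        s->head = c->next;
        free(c);
        s->queued_bytes -= CELL_COST;
        total_ooo_bytes -= CELL_COST;
    }
}

/* Bytes still charged after a set with ncells queued cells is torn down. */
size_t leaked_after(int ncells, int use_fixed) {
    conflux_set_t s = {0};
    total_ooo_bytes = 0;
    for (int i = 0; i < ncells; i++) if (ooo_enqueue(&s) != 0) break;
    if (use_fixed) teardown_fixed(&s); else teardown_flawed(&s);
    return total_ooo_bytes;
}

int main(void) {
    printf("flawed: %zu, fixed: %zu\n", leaked_after(3, 0), leaked_after(3, 1));
    return 0;
}
```

Any component that relies on the total, such as a memory-pressure check, sees stale bytes after the flawed teardown even though every cell has been freed.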
Users are advised to upgrade to Tor version 0.4.9.7, which addresses this vulnerability by correcting the out-of-order queue accounting process.