Tor Double Close Circuit Vulnerability Leading to Client Crash

Vulnerability

A bug in Tor versions prior to 0.4.9.7 can crash the client under certain memory pressure conditions. The crash results from a circuit being closed twice, which can occur when there is a backlog of circuits waiting to be processed. The vulnerability is tracked as TROVE-2026-009.

Impact

Exploitation of this vulnerability causes a client-side crash.

Remediation

Users are advised to upgrade to Tor version 0.4.9.7, which addresses this vulnerability.
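
A fleet check for the remediation above, as an added example (not code from this advisory or from the Tor project): it classifies the first line of `tor --version` output against 0.4.9.7 using a numeric comparison. The host names and version lines are constructed samples, and flagging a status-tagged build of 0.4.9.7 for manual review rather than counting it as fixed is an assumption made here.

```python
import re

FIXED = (0, 4, 9, 7)  # first fixed release named in the advisory

# Constructed sample inventory: host -> first line of `tor --version` output.
SAMPLE_INVENTORY = {
    "relay-a": "Tor version 0.4.8.12.",
    "client-b": "Tor version 0.4.9.7.",
    "client-c": "Tor version 0.4.9.6-rc (git-0000000000000000).",
    "client-d": "Tor version 0.4.9.7-dev.",
    "client-e": "tor: command not found",
}

# MAJOR.MINOR.MICRO[.PATCHLEVEL][-status_tag]; the tag must end in an
# alphanumeric so the sentence-ending "." is not swallowed.
_VERSION_RE = re.compile(
    r"\b(\d+)\.(\d+)\.(\d+)(?:\.(\d+))?(?:-([A-Za-z0-9._-]*[A-Za-z0-9]))?"
)

def parse_tor_version(text):
    """Return ((major, minor, micro, patch), status_tag) or None."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    nums = tuple(int(g) if g is not None else 0 for g in m.groups()[:4])
    return nums, m.group(5)

def classify(text):
    """Map a version line to 'affected', 'fixed', 'review' or 'unknown'."""
    parsed = parse_tor_version(text)
    if parsed is None:
        return "unknown"   # no version found: tor missing or output changed
    nums, tag = parsed
    if nums < FIXED:       # tuple comparison, so 0.4.9.10 sorts after 0.4.9.7
        return "affected"
    if nums == FIXED and tag:
        return "review"    # assumption: tagged builds need a manual look
    return "fixed"

def audit(inventory):
    """Classify every host in a {host: version_line} mapping."""
    return {host: classify(line) for host, line in inventory.items()}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE_INVENTORY).items()):
        print(f"{host}: {status}")
```

Hosts reported as `unknown` deserve the same follow-up as `affected`, since a missing or unparseable version line means the patch level was never confirmed.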

Added: May 7, 2026, 4:22 AM
Updated: May 7, 2026, 4:22 AM

Vulnerability Rating

Custom Algorithm

spread: 6.6
impact: 2.5
exploitability: 5.0
remediation: 7.7
relevance: 7.7
threat: 3.2
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.