Tor NULL Pointer Dereference Vulnerability in CERT Cell Handling

Vulnerability

A NULL pointer dereference vulnerability has been identified in Tor versions prior to 0.4.9.7. The issue arises when a CERT cell is received out of order, leading to a crash. This vulnerability was found by a user named Fwame.

Impact

Triggering this vulnerability crashes Tor through a NULL pointer dereference, disrupting its operation.

Remediation

Users are advised to upgrade to Tor version 0.4.9.7, which addresses this vulnerability.
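
A host-side check for the remediation above, as an added example that is not from the advisory or the Tor project: it reads a `tor --version` banner and reports whether the build is older than 0.4.9.7. The banner format and the function names are assumptions, status tags such as `-rc` are ignored, and every lower version is treated as affected because the advisory names no other fixed release.

```shell
#!/bin/sh
# Added example (not Tor project code). FIXED is the release named in the advisory.
FIXED="0.4.9.7"

# Pull the dotted numeric version out of a `tor --version` banner.
# Assumed banner shape: "Tor version 0.4.8.10." optionally with a status tag
# such as "-alpha" or "-rc" and extra lines after it.
tor_version_from_banner() {
    printf '%s\n' "$1" |
        sed -n 's/^Tor version \([0-9][0-9]*\(\.[0-9][0-9]*\)\{2,3\}\).*/\1/p' |
        head -n 1
}

# True (exit 0) when version $1 is numerically lower than version $2.
# Compares up to four dot-separated fields; a missing field counts as 0.
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        split(a, x, "."); split(b, y, ".")
        for (i = 1; i <= 4; i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1  # equal versions: not lower
    }'
}

# Print "vulnerable", "patched" or "unknown" for a banner; always returns 0.
classify_tor_banner() {
    v=$(tor_version_from_banner "$1")
    if [ -z "$v" ]; then
        echo unknown
    elif version_lt "$v" "$FIXED"; then
        echo vulnerable
    else
        echo patched
    fi
}

# Constructed sample banners; on a real host pass "$(tor --version)" instead.
for banner in "Tor version 0.4.8.10." "Tor version 0.4.9.6-rc." \
              "Tor version 0.4.9.7." "Tor version 0.5.0.1-alpha-dev (git-0000000)." \
              "tor: command not found"; do
    printf '%-50s %s\n' "$banner" "$(classify_tor_banner "$banner")"
done
```

An "unknown" result means the banner could not be parsed and the host needs a manual look, not that it is safe.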

Added: May 7, 2026, 4:20 AM
Updated: May 7, 2026, 4:20 AM

Vulnerability Rating

Custom Algorithm

spread: 6.6
impact: 2.5
exploitability: 5.3
remediation: 7.7
relevance: 7.7
threat: 3.2
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.