Out-of-bounds read and null pointer dereference in Tor

56% confidence

Description

This security release fixes several major bugfixes including an out-of-bounds read when END, TRUNCATE and TRUNCATED cells have no reason in their payload, and a null pointer dereference when receiving a CERT cell out of order.

Affected Products

Vendor	Product	Versions
the tor project	tor	< 0.4.9.7

Related News (1 articles)

Tier C

oss-security2h ago

Vulnerability fixes in Tor 0.4.9.7

→ No new info (linked only)

CISA KEV❌ No

Actively exploited❌ No

Patch available

0.4.9.7

CWECWE-125, CWE-476

PublishedMay 6, 2026

Last enriched2h ago

Trending Score20

Source articles1

Independent1

Info Completeness7/14

Missing: cve_id, cvss, epss, kev, exploit, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Out-of-bounds read and null pointer dereference in Tor

Description

Affected Products

Related News (1 articles)

Community Vote

Pin to Dashboard

Verification

Vulnerability Timeline