CVE-2006-3415

Description

Tor before 0.1.1.20 uses improper logic to validate the "OR" destination, which allows remote attackers to perform a man-in-the-middle (MITM) attack via unspecified vectors.

How to fix CVE-2006-3415

To remediate CVE-2006-3415, upgrade the affected package to a fixed version below.

• Debian/tor—upgrade to 0.1.1.20-1 or later

Is CVE-2006-3415 being exploited?

Low — EPSS is 0.5%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 0.1.1.20-1

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2006-3415