CVE-2007-4098
EPSS 1.2%
Description
Tor before 0.1.2.15 does not properly distinguish "streamids from different exits," which might allow remote attackers with control over Tor routers to inject cells into arbitrary streams.
How to fix CVE-2007-4098
To remediate CVE-2007-4098, upgrade the affected package to a fixed version below.
- Debian/tor—upgrade to 0.1.2.15-1 or later
Is CVE-2007-4098 being exploited?
Low — EPSS is 1.2%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 0.1.2.15-1