CVE-2011-4897

Description

Tor before 0.2.2.25-alpha, when configured as a relay without the Nickname configuration option, uses the local hostname as the Nickname value, which allows remote attackers to obtain potentially sensitive information by reading this value.

How to fix CVE-2011-4897

To remediate CVE-2011-4897, upgrade the affected package to a fixed version below.

• Debian/tor—upgrade to 0.2.2.27-beta-1 or later

Is CVE-2011-4897 being exploited?

Low — EPSS is 0.3%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 0.2.2.27-beta-1

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2011-4897