CVE-2024-35312: Tor Arti's STUB circuits incorrectly have a length of 2
(updated )
In Tor Arti before 1.2.3, STUB circuits incorrectly have a length of 2 (with lite vanguards), aka TROVE-2024-003.
References
- github.com/advisories/GHSA-9328-gcfq-p269
- gitlab.torproject.org/tpo/core/arti
- gitlab.torproject.org/tpo/core/arti/-/blob/main/CHANGELOG.md
- gitlab.torproject.org/tpo/core/arti/-/commit/da95138c14f762c706e46e89c6adfa46fcd5252c
- gitlab.torproject.org/tpo/core/arti/-/issues/1409
- gitlab.torproject.org/tpo/core/arti/-/merge_requests/2145
- gitlab.torproject.org/tpo/core/arti/-/merge_requests/2154
- gitlab.torproject.org/tpo/core/arti/-/merge_requests/2156
- gitlab.torproject.org/tpo/core/team/-/wikis/NetworkTeam/TROVE
- nvd.nist.gov/vuln/detail/CVE-2024-35312
- rustsec.org/advisories/RUSTSEC-2024-0339.html
Code Behaviors & Features
Detect and mitigate CVE-2024-35312 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →