CVE-2024-35313: Tor path lengths too short when "full Vanguards" configured

(updated )

In Tor Arti before 1.2.3, circuits sometimes incorrectly have a length of 3 (with full vanguards), aka TROVE-2024-004.

References

Code Behaviors & Features

Detect and mitigate CVE-2024-35313 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →