{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-4444", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2025-05-08T17:01:45.724Z", "datePublished": "2025-09-18T13:58:52.524Z", "dateUpdated": "2025-09-18T20:41:21.835Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-09-18T14:00:17.385Z"}, "title": "Tor Onion Service Descriptor resource consumption", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-400", "lang": "en", "description": "Resource Consumption"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-404", "lang": "en", "description": "Denial of Service"}]}], "affected": [{"vendor": "n/a", "product": "Tor", "versions": [{"version": "0.4.7.0", "status": "affected"}, {"version": "0.4.7.1", "status": "affected"}, {"version": "0.4.7.2", "status": "affected"}, {"version": "0.4.7.3", "status": "affected"}, {"version": "0.4.7.4", "status": "affected"}, {"version": "0.4.7.5", "status": "affected"}, {"version": "0.4.7.6", "status": "affected"}, {"version": "0.4.7.7", "status": "affected"}, {"version": "0.4.7.8", "status": "affected"}, {"version": "0.4.7.9", "status": "affected"}, {"version": "0.4.7.10", "status": "affected"}, {"version": "0.4.7.11", "status": "affected"}, {"version": "0.4.7.12", "status": "affected"}, {"version": "0.4.7.13", "status": "affected"}, {"version": "0.4.7.14", "status": "affected"}, {"version": "0.4.7.15", "status": "affected"}, {"version": "0.4.7.16", "status": "affected"}, {"version": "0.4.8.0", "status": "affected"}, {"version": "0.4.8.1", "status": "affected"}, {"version": "0.4.8.2", "status": "affected"}, {"version": "0.4.8.3", "status": "affected"}, {"version": "0.4.8.4", "status": "affected"}, {"version": "0.4.8.5", "status": "affected"}, {"version": "0.4.8.6", "status": "affected"}, {"version": "0.4.8.7", "status": "affected"}, {"version": "0.4.8.8", "status": "affected"}, {"version": "0.4.8.9", "status": "affected"}, {"version": "0.4.8.10", "status": "affected"}, {"version": "0.4.8.11", "status": "affected"}, {"version": "0.4.8.12", "status": "affected"}, {"version": "0.4.8.13", "status": "affected"}, {"version": "0.4.8.14", "status": "affected"}, {"version": "0.4.8.15", "status": "affected"}, {"version": "0.4.8.16", "status": "affected"}, {"version": "0.4.8.17", "status": "affected"}, {"version": "0.4.8.18", "status": "unaffected"}, {"version": "0.4.9.3-alpha", "status": "unaffected"}], "modules": ["Onion Service Descriptor Handler"]}], "descriptions": [{"lang": "en", "value": "A security flaw has been discovered in Tor up to 0.4.7.16/0.4.8.17. Impacted is an unknown function of the component Onion Service Descriptor Handler. Performing manipulation results in resource consumption. The attack may be initiated remotely. The attack's complexity is rated as high. The exploitability is considered difficult. Upgrading to version 0.4.8.18 and 0.4.9.3-alpha is recommended to address this issue. It is recommended to upgrade the affected component."}, {"lang": "de", "value": "In Tor up to 0.4.7.16/0.4.8.17 wurde eine Schwachstelle gefunden. Hierbei betrifft es unbekannten Programmcode der Komponente Onion Service Descriptor Handler. Dank der Manipulation mit unbekannten Daten kann eine resource consumption-Schwachstelle ausgenutzt werden. Der Angriff l\u00e4sst sich \u00fcber das Netzwerk starten. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Es wird angegeben, dass die Ausnutzbarkeit schwierig ist. Ein Upgrade auf Version 0.4.8.18 and 0.4.9.3-alpha ist in der Lage, dieses Problem zu adressieren. Die Aktualisierung der betroffenen Komponente wird empfohlen."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.3, "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 3.7, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C", "baseSeverity": "LOW"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.7, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C", "baseSeverity": "LOW"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 2.6, "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P/E:ND/RL:OF/RC:C"}}], "timeline": [{"time": "2025-09-16T00:00:00.000Z", "lang": "en", "value": "Countermeasure disclosed"}, {"time": "2025-09-18T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2025-09-18T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2025-09-18T16:05:09.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "wocanmei (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.324814", "name": "VDB-324814 | Tor Onion Service Descriptor resource consumption", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/?ctiid.324814", "name": "VDB-324814 | CTI Indicators (IOB, IOC, TTP)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.640605", "name": "Submit #640605 | Tor \u2264 0.4.8 Memory Management vulnerability", "tags": ["third-party-advisory"]}, {"url": "https://github.com/chunmianwang/Tordos", "tags": ["related"]}, {"url": "https://gitlab.torproject.org/tpo/core/tor/-/raw/release-0.4.8/ReleaseNotes", "tags": ["release-notes"]}, {"url": "https://forum.torproject.org/t/alpha-and-stable-release-0-4-8-18-and-0-4-9-3-alpha/20578", "tags": ["patch"]}], "tags": ["x_open-source"]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-09-18T20:41:11.076671Z", "id": "CVE-2025-4444", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-18T20:41:21.835Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-4444", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-09-18T20:41:11.076671Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-18T20:41:16.511Z"}}], "cna": {"tags": ["x_open-source"], "title": "Tor Onion Service Descriptor resource consumption", "credits": [{"lang": "en", "type": "reporter", "value": "wocanmei (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 3.7, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.7, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 2.6, "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P/E:ND/RL:OF/RC:C"}}], "affected": [{"vendor": "n/a", "modules": ["Onion Service Descriptor Handler"], "product": "Tor", "versions": [{"status": "affected", "version": "0.4.7.0"}, {"status": "affected", "version": "0.4.7.1"}, {"status": "affected", "version": "0.4.7.2"}, {"status": "affected", "version": "0.4.7.3"}, {"status": "affected", "version": "0.4.7.4"}, {"status": "affected", "version": "0.4.7.5"}, {"status": "affected", "version": "0.4.7.6"}, {"status": "affected", "version": "0.4.7.7"}, {"status": "affected", "version": "0.4.7.8"}, {"status": "affected", "version": "0.4.7.9"}, {"status": "affected", "version": "0.4.7.10"}, {"status": "affected", "version": "0.4.7.11"}, {"status": "affected", "version": "0.4.7.12"}, {"status": "affected", "version": "0.4.7.13"}, {"status": "affected", "version": "0.4.7.14"}, {"status": "affected", "version": "0.4.7.15"}, {"status": "affected", "version": "0.4.7.16"}, {"status": "affected", "version": "0.4.8.0"}, {"status": "affected", "version": "0.4.8.1"}, {"status": "affected", "version": "0.4.8.2"}, {"status": "affected", "version": "0.4.8.3"}, {"status": "affected", "version": "0.4.8.4"}, {"status": "affected", "version": "0.4.8.5"}, {"status": "affected", "version": "0.4.8.6"}, {"status": "affected", "version": "0.4.8.7"}, {"status": "affected", "version": "0.4.8.8"}, {"status": "affected", "version": "0.4.8.9"}, {"status": "affected", "version": "0.4.8.10"}, {"status": "affected", "version": "0.4.8.11"}, {"status": "affected", "version": "0.4.8.12"}, {"status": "affected", "version": "0.4.8.13"}, {"status": "affected", "version": "0.4.8.14"}, {"status": "affected", "version": "0.4.8.15"}, {"status": "affected", "version": "0.4.8.16"}, {"status": "affected", "version": "0.4.8.17"}, {"status": "unaffected", "version": "0.4.8.18"}, {"status": "unaffected", "version": "0.4.9.3-alpha"}]}], "timeline": [{"lang": "en", "time": "2025-09-16T00:00:00.000Z", "value": "Countermeasure disclosed"}, {"lang": "en", "time": "2025-09-18T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2025-09-18T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2025-09-18T16:05:09.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.324814", "name": "VDB-324814 | Tor Onion Service Descriptor resource consumption", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/?ctiid.324814", "name": "VDB-324814 | CTI Indicators (IOB, IOC, TTP)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.640605", "name": "Submit #640605 | Tor \u2264 0.4.8 Memory Management vulnerability", "tags": ["third-party-advisory"]}, {"url": "https://github.com/chunmianwang/Tordos", "tags": ["related"]}, {"url": "https://gitlab.torproject.org/tpo/core/tor/-/raw/release-0.4.8/ReleaseNotes", "tags": ["release-notes"]}, {"url": "https://forum.torproject.org/t/alpha-and-stable-release-0-4-8-18-and-0-4-9-3-alpha/20578", "tags": ["patch"]}], "descriptions": [{"lang": "en", "value": "A security flaw has been discovered in Tor up to 0.4.7.16/0.4.8.17. Impacted is an unknown function of the component Onion Service Descriptor Handler. Performing manipulation results in resource consumption. The attack may be initiated remotely. The attack's complexity is rated as high. The exploitability is considered difficult. Upgrading to version 0.4.8.18 and 0.4.9.3-alpha is recommended to address this issue. It is recommended to upgrade the affected component."}, {"lang": "de", "value": "In Tor up to 0.4.7.16/0.4.8.17 wurde eine Schwachstelle gefunden. Hierbei betrifft es unbekannten Programmcode der Komponente Onion Service Descriptor Handler. Dank der Manipulation mit unbekannten Daten kann eine resource consumption-Schwachstelle ausgenutzt werden. Der Angriff l\u00e4sst sich \u00fcber das Netzwerk starten. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Es wird angegeben, dass die Ausnutzbarkeit schwierig ist. Ein Upgrade auf Version 0.4.8.18 and 0.4.9.3-alpha ist in der Lage, dieses Problem zu adressieren. Die Aktualisierung der betroffenen Komponente wird empfohlen."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-400", "description": "Resource Consumption"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-404", "description": "Denial of Service"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-09-18T14:00:17.385Z"}}}, "cveMetadata": {"cveId": "CVE-2025-4444", "state": "PUBLISHED", "dateUpdated": "2025-09-18T20:41:21.835Z", "dateReserved": "2025-05-08T17:01:45.724Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2025-09-18T13:58:52.524Z", "assignerShortName": "VulDB"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A security flaw has been discovered in Tor up to 0.4.7.16/0.4.8.17. Impacted is an unknown function of the component Onion Service Descriptor Handler. Performing manipulation results in resource consumption. The attack may be initiated remotely. The attack's complexity is rated as high. The exploitability is considered difficult. Upgrading to version 0.4.8.18 and 0.4.9.3-alpha is recommended to address this issue. It is recommended to upgrade the affected component."}], "id": "CVE-2025-4444", "lastModified": "2025-09-18T14:15:49.887", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.6, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2025-09-18T14:15:49.887", "references": [{"source": "cna@vuldb.com", "url": "https://forum.torproject.org/t/alpha-and-stable-release-0-4-8-18-and-0-4-9-3-alpha/20578"}, {"source": "cna@vuldb.com", "url": "https://github.com/chunmianwang/Tordos"}, {"source": "cna@vuldb.com", "url": "https://gitlab.torproject.org/tpo/core/tor/-/raw/release-0.4.8/ReleaseNotes"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?ctiid.324814"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?id.324814"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?submit.640605"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-400"}, {"lang": "en", "value": "CWE-404"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}

{}