Description
Tor before 0.4.9.7 has an out-of-bounds read by one byte via a malformed BEGIN cell, aka TROVE-2026-007.
Published: 2026-05-07
Score: 3.7 Low
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Tor before 0.4.9.7 contains an off-by-one error (CWE-193) when processing a malformed BEGIN cell: the parser reads one byte beyond the end of the cell buffer. The CVSS vector recorded for this CVE (C:N/I:N/A:L) assigns no confidentiality impact and a low availability impact, so the expected consequence is at most a fault in the affected Tor process when the byte past the buffer is unreadable, not a disclosure of adjacent memory; the over-read does not alter program state and does not permit code execution.
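As an added illustration, not code from this page, from Tor, or a reconstruction of the actual TROVE-2026-007 defect, the C program below shows the CWE-193 pattern on a parser for the RELAY_BEGIN body layout documented in tor-spec ("host:port", a NUL terminator, then an optional four-byte flags field). A scan written as `i <= len` touches body[len], one byte past the cell; the bounded parser beside it checks every index against the cell length before dereferencing it. The struct and function names, and the sample cells, are hypothetical constructions for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical RELAY_BEGIN body: "host:port" NUL [4-byte flags].
 * Not Tor's code; it demonstrates the defect class named by the CVE. */
struct begin_request {
    char     host[256];   /* hostname or IP literal, e.g. "[::1]" */
    uint16_t port;
    uint32_t flags;
    int      has_flags;   /* 1 if a 4-byte flags field followed the NUL */
};

/* Off-by-one pattern (CWE-193): `i <= len` reads body[len], one byte past
 * the cell. Kept only to show the defect class; the usage below feeds it a
 * buffer with a sentinel at body[len] so the over-read stays inside a real
 * allocation instead of touching unrelated memory. */
int find_nul_off_by_one(const uint8_t *body, size_t len)
{
    for (size_t i = 0; i <= len; i++) {      /* BUG: should stop at i < len */
        if (body[i] == 0)
            return (int)i;
    }
    return -1;
}

/* Bounded scan: never inspects a byte at or beyond body + len. */
int find_nul_bounded(const uint8_t *body, size_t len)
{
    const uint8_t *nul = memchr(body, 0, len);
    return nul ? (int)(nul - body) : -1;
}

/* Returns 0 on success, -1 if the body is malformed. Every index is checked
 * against `len` before it is dereferenced. */
int parse_begin_cell(const uint8_t *body, size_t len, struct begin_request *out)
{
    int nul = find_nul_bounded(body, len);
    if (nul <= 0)                          /* no terminator, or empty ADDRPORT */
        return -1;
    size_t addrport_len = (size_t)nul;

    /* The last ':' separates host and port; IPv6 literals contain earlier colons. */
    size_t colon = addrport_len;
    for (size_t i = addrport_len; i-- > 0;) {
        if (body[i] == ':') { colon = i; break; }
    }
    if (colon == addrport_len || colon == 0 || colon + 1 == addrport_len)
        return -1;                         /* no colon, empty host, or empty port */
    if (colon >= sizeof out->host)
        return -1;                         /* host would not fit */

    unsigned long port = 0;
    for (size_t i = colon + 1; i < addrport_len; i++) {
        if (body[i] < '0' || body[i] > '9')
            return -1;
        port = port * 10 + (unsigned long)(body[i] - '0');
        if (port > 65535)
            return -1;
    }

    memcpy(out->host, body, colon);
    out->host[colon] = '\0';
    out->port = (uint16_t)port;

    /* Optional flags: read only if all four bytes lie inside the cell. */
    size_t after = addrport_len + 1;       /* first byte after the NUL; after <= len */
    out->has_flags = 0;
    out->flags = 0;
    if (len - after >= 4) {
        out->flags = ((uint32_t)body[after] << 24) | ((uint32_t)body[after + 1] << 16) |
                     ((uint32_t)body[after + 2] << 8) | (uint32_t)body[after + 3];
        out->has_flags = 1;
    }
    return 0;
}

int main(void)
{
    /* Constructed sample cell: "10.0.0.1:80" NUL, flags 0x00000001. */
    const uint8_t good[] = { '1','0','.','0','.','0','.','1',':','8','0', 0, 0,0,0,1 };
    struct begin_request r;
    if (parse_begin_cell(good, sizeof good, &r) == 0)
        printf("host=%s port=%u flags=%u\n", r.host, r.port, r.flags);

    /* Constructed malformed cell: no NUL anywhere inside the declared length. */
    const uint8_t noterm[] = { 'e','x','i','t',':','8','0' };
    uint8_t padded[sizeof noterm + 1];
    memcpy(padded, noterm, sizeof noterm);
    padded[sizeof noterm] = 0;             /* stands in for whatever byte follows the cell in memory */
    printf("off-by-one scan found NUL at %d (outside the cell); bounded scan: %d\n",
           find_nul_off_by_one(padded, sizeof noterm),
           find_nul_bounded(padded, sizeof noterm));
    return 0;
}
```

The sentinel trick in main is what makes the defect visible without undefined behaviour: the off-by-one scan "finds" a terminator at index 7 that was never part of the 7-byte cell, which is exactly the byte a real over-read would consume from whatever sits after the buffer.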

Affected Systems

The vulnerability affects all Tor versions older than 0.4.9.7; the only CPE listed is cpe:2.3:a:torproject:tor, and no other vendors or products are named. Operators of relays, bridges and onion services, as well as client users, on earlier versions should upgrade.

Risk and Exploitability

The CVSS 3.1 base score of 3.7 (AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) classifies the issue as low severity: reachable over the network without privileges or user interaction, but with high attack complexity and only a low availability impact. The EPSS score is below 1%, and the vulnerability is not listed in CISA's KEV catalog. A BEGIN cell is the relay cell a Tor client sends to open a stream at the far end of a circuit, so a malformed one can be delivered by any remote party able to build a circuit to the affected node. The page records no evidence of privilege escalation, code execution or persistence.

Generated by OpenCVE AI on May 7, 2026 at 05:40 UTC.

Remediation

No vendor advisory or workaround is linked on this page. The CVE description identifies 0.4.9.7 as the first fixed release, so the remediation is to upgrade.

OpenCVE Recommended Actions

  • Upgrade Tor to version 0.4.9.7 or newer; the defect is in Tor's own cell parsing, so the upgrade is the only fix.
  • Subscribe to Tor Project security advisories to receive timely notification of patches and related updates.
  • Do not rely on network filtering as a workaround: BEGIN cells are relay cells carried inside encrypted circuits, and any Tor client can build a circuit to a relay, so a perimeter device can neither inspect them nor restrict who sends them. Prioritise the upgrade on exit relays and onion services, the endpoints that process BEGIN cells.

Generated by OpenCVE AI on May 7, 2026 at 05:40 UTC.

Advisories

No advisories yet.

History

Thu, 07 May 2026 06:00:00 +0000

Type    Values Removed    Values Added
Title   -                 Out-of-Bounds Read in Tor via Malformed BEGIN Cell

Thu, 07 May 2026 04:15:00 +0000

Type                 Values Removed    Values Added
Description          -                 Tor before 0.4.9.7 has an out-of-bounds read by one byte via a malformed BEGIN cell, aka TROVE-2026-007.
First Time appeared  -                 Torproject; Torproject tor
Weaknesses           -                 CWE-193
CPEs                 -                 cpe:2.3:a:torproject:tor:*:*:*:*:*:*:*:*
Vendors & Products   -                 Torproject; Torproject tor
References           -                 -
Metrics              -                 cvssV3_1: 3.7 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)


MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-05-07T03:36:57.931Z

Reserved: 2026-05-07T03:21:24.363Z

Link: CVE-2026-44603

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-05-07T04:16:35.387

Modified: 2026-05-07T04:16:35.387

Link: CVE-2026-44603

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-07T05:45:06Z

Weaknesses