{"id":"CVE-2017-0380","details":"The rend_service_intro_established function in or/rendservice.c in Tor before 0.2.8.15, 0.2.9.x before 0.2.9.12, 0.3.0.x before 0.3.0.11, 0.3.1.x before 0.3.1.7, and 0.3.2.x before 0.3.2.1-alpha, when SafeLogging is disabled, allows attackers to obtain sensitive information by leveraging access to the log files of a hidden service, because uninitialized stack data is included in an error message about construction of an introduction point circuit.","modified":"2026-05-13T13:20:21.676944Z","published":"2017-09-18T16:29:00.207Z","related":["openSUSE-SU-2024:11469-1"],"database_specific":{"unresolved_ranges":[{"source":"CPE_FIELD","extracted_events":[{"last_affected":"0.2.8.14"}],"cpe":"cpe:2.3:a:torproject:tor:*:*:*:*:*:*:*:*"},{"source":"CPE_FIELD","extracted_events":[{"last_affected":"0.2.9.0"}],"cpe":"cpe:2.3:a:torproject:tor:0.2.9.0:*:*:*:*:*:*:*"},{"source":"CPE_FIELD","extracted_events":[{"last_affected":"0.2.9.0-alpha"}],"cpe":"cpe:2.3:a:torproject:tor:0.2.9.0:alpha:*:*:*:*:*:*"},{"source":"CPE_FIELD","extracted_events":[{"last_affected":"0.2.9.10"}],"cpe":"cpe:2.3:a:torproject:tor:0.2.9.10:*:*:*:*:*:*:*"},{"source":"CPE_FIELD","extracted_events":[{"last_affected":"0.2.9.11"}],"cpe":"cpe:2.3:a:torproject:tor:0.2.9.11:*:*:*:*:*:*:*"},{"source":"CPE_FIELD","extracted_events":[{"last_affected":"0.2.9.1-alpha"}],"cpe":"cpe:2.3:a:torproject:tor:0.2.9.1:alpha:*:*:*:*:*:*"},{"source":"CPE_FIELD","extracted_events":[{"last_affected":"0.2.9.2-alpha"}],"cpe":"cpe:2.3:a:torproject:tor:0.2.9.2:alpha:*:*:*:*:*:*"},{"source":"CPE_FIELD","extracted_events":[{"last_affected":"0.2.9.3-alpha"}],"cpe":"cpe:2.3:a:torproject:tor:0.2.9.3:alpha:*:*:*:*:*:*"},{"source":"CPE_FIELD","extracted_events":[{"last_affected":"0.2.9.4-alpha"}],"cpe":"cpe:2.3:a:torproject:tor:0.2.9.4:alpha:*:*:*:*:*:*"},{"source":"CPE_FIELD","extracted_events":[{"last_affected":"0.2.9.5-alpha"}],"cpe":"cpe:2.3:a:torproject:tor:0.2.9.5:alpha:*:*:*:*:*:*"},{"source":"CPE_FIELD","extracted_events":[{"last_affected":"0.2.9.6"}],"cpe":"cpe:2.3:a:torproject:tor:0.2.9.6:*:*:*:*:*:*:*"},{"source":"CPE_FIELD","extracted_events":[{"last_affected":"0.2.9.8"}],"cpe":"cpe:2.3:a:torproject:tor:0.2.9.8:*:*:*:*:*:*:*"},{"source":"CPE_FIELD","extracted_events":[{"last_affected":"0.2.9.9"}],"cpe":"cpe:2.3:a:torproject:tor:0.2.9.9:*:*:*:*:*:*:*"},{"source":"CPE_FIELD","extracted_events":[{"last_affected":"0.3.0.0"}],"cpe":"cpe:2.3:a:torproject:tor:0.3.0.0:*:*:*:*:*:*:*"},{"source":"CPE_FIELD","extracted_events":[{"last_affected":"0.3.0.10"}],"cpe":"cpe:2.3:a:torproject:tor:0.3.0.10:*:*:*:*:*:*:*"},{"source":"CPE_FIELD","extracted_events":[{"last_affected":"0.3.0.1-alpha"}],"cpe":"cpe:2.3:a:torproject:tor:0.3.0.1:alpha:*:*:*:*:*:*"},{"source":"CPE_FIELD","extracted_events":[{"last_affected":"0.3.0.2-alpha"}],"cpe":"cpe:2.3:a:torproject:tor:0.3.0.2:alpha:*:*:*:*:*:*"},{"source":"CPE_FIELD","extracted_events":[{"last_affected":"0.3.0.3-alpha"}],"cpe":"cpe:2.3:a:torproject:tor:0.3.0.3:alpha:*:*:*:*:*:*"},{"source":"CPE_FIELD","extracted_events":[{"last_affected":"0.3.0.4-rc"}],"cpe":"cpe:2.3:a:torproject:tor:0.3.0.4:rc:*:*:*:*:*:*"},{"source":"CPE_FIELD","extracted_events":[{"last_affected":"0.3.0.5-rc"}],"cpe":"cpe:2.3:a:torproject:tor:0.3.0.5:rc:*:*:*:*:*:*"},{"source":"CPE_FIELD","extracted_events":[{"last_affected":"0.3.0.6"}],"cpe":"cpe:2.3:a:torproject:tor:0.3.0.6:*:*:*:*:*:*:*"},{"source":"CPE_FIELD","extracted_events":[{"last_affected":"0.3.0.7"}],"cpe":"cpe:2.3:a:torproject:tor:0.3.0.7:*:*:*:*:*:*:*"},{"source":"CPE_FIELD","extracted_events":[{"last_affected":"0.3.0.8"}],"cpe":"cpe:2.3:a:torproject:tor:0.3.0.8:*:*:*:*:*:*:*"},{"source":"CPE_FIELD","extracted_events":[{"last_affected":"0.3.0.9"}],"cpe":"cpe:2.3:a:torproject:tor:0.3.0.9:*:*:*:*:*:*:*"},{"source":"CPE_FIELD","extracted_events":[{"last_affected":"0.3.1.1-alpha"}],"cpe":"cpe:2.3:a:torproject:tor:0.3.1.1:alpha:*:*:*:*:*:*"},{"source":"CPE_FIELD","extracted_events":[{"last_affected":"0.3.1.2-alpha"}],"cpe":"cpe:2.3:a:torproject:tor:0.3.1.2:alpha:*:*:*:*:*:*"},{"source":"CPE_FIELD","extracted_events":[{"last_affected":"0.3.1.3-alpha"}],"cpe":"cpe:2.3:a:torproject:tor:0.3.1.3:alpha:*:*:*:*:*:*"},{"source":"CPE_FIELD","extracted_events":[{"last_affected":"0.3.1.4-alpha"}],"cpe":"cpe:2.3:a:torproject:tor:0.3.1.4:alpha:*:*:*:*:*:*"},{"source":"CPE_FIELD","extracted_events":[{"last_affected":"0.3.1.5-alpha"}],"cpe":"cpe:2.3:a:torproject:tor:0.3.1.5:alpha:*:*:*:*:*:*"},{"source":"CPE_FIELD","extracted_events":[{"last_affected":"0.3.1.6-alpha"}],"cpe":"cpe:2.3:a:torproject:tor:0.3.1.6:alpha:*:*:*:*:*:*"},{"source":"CPE_FIELD","extracted_events":[{"last_affected":"0.3.2"}],"cpe":"cpe:2.3:a:torproject:tor:0.3.2:*:*:*:*:*:*:*"},{"source":"DESCRIPTION","extracted_events":[{"fixed":"0.2.8.15"},{"introduced":"0.2.9.x"},{"fixed":"0.2.9.12"},{"introduced":"0.3.0.x"},{"fixed":"0.3.0.11"},{"introduced":"0.3.1.x"},{"fixed":"0.3.1.7"},{"introduced":"0.3.2.x"},{"fixed":"0.3.2.1-alpha"}]}]},"references":[{"type":"WEB","url":"http://www.securitytracker.com/id/1039519"},{"type":"ADVISORY","url":"http://www.debian.org/security/2017/dsa-3993"},{"type":"FIX","url":"https://github.com/torproject/tor/commit/09ea89764a4d3a907808ed7d4fe42abfe64bd486"},{"type":"FIX","url":"https://trac.torproject.org/projects/tor/ticket/23490"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/torproject/tor","events":[{"introduced":"0"},{"fixed":"09ea89764a4d3a907808ed7d4fe42abfe64bd486"}],"database_specific":{"source":"REFERENCES"}}],"versions":["debian-version-0.0.1+0.0.2pre19-1","debian-version-0.0.1+0.0.2pre20-1","debian-version-0.0.1+0.0.2pre20-2","debian-version-0.0.1+0.0.2pre21-1","debian-version-0.0.1+0.0.2pre22-1","debian-version-0.0.1+0.0.2pre23-1","debian-version-0.0.1+0.0.2pre24-1","debian-version-0.0.1+0.0.2pre25-1","debian-version-0.0.1+0.0.2pre26-1","debian-version-0.0.1+0.0.2pre27-1","debian-version-0.0.2-1","debian-version-0.0.3-1","debian-version-0.0.4-1","debian-version-0.0.5+0.0.6rc2-1","debian-version-0.0.5+0.0.6rc3-1","debian-version-0.0.5+0.0.6rc4-1","debian-version-0.0.5-1","debian-version-0.0.6-1","debian-version-0.0.6.1-1","debian-version-0.0.6.2-1","debian-version-0.0.7+0.0.8rc1-1","debian-version-0.0.7-1","debian-version-0.0.7.1-1","debian-version-0.0.7.2+0.0.8pre2-1","debian-version-0.0.7.2+0.0.8pre3-1","debian-version-0.0.8+0.0.9pre1-1","debian-version-0.0.8+0.0.9pre2-1","debian-version-0.0.8+0.0.9pre3-1","debian-version-0.0.8+0.0.9pre4-1","debian-version-0.0.8+0.0.9pre5-1","debian-version-0.0.8+0.0.9pre5-2","debian-version-0.0.8+0.0.9pre6-1","debian-version-0.0.8+0.0.9rc1-1","debian-version-0.0.8+0.0.9rc2-1","debian-version-0.0.8+0.0.9rc3-1","debian-version-0.0.8+0.0.9rc5-1","debian-version-0.0.8+0.0.9rc6-1","debian-version-0.0.8+0.0.9rc7-1","debian-version-0.0.8-1","debian-version-0.0.9.1-1","debian-version-0.0.9.10-1","debian-version-0.0.9.2-1","debian-version-0.0.9.3-1","debian-version-0.0.9.4-1","debian-version-0.0.9.5-1","debian-version-0.0.9.6-1","debian-version-0.0.9.7-1","debian-version-0.0.9.8-1","debian-version-0.0.9.9-1","debian-version-0.1.0.1-rc-cvs-200503310807-1","debian-version-0.1.0.1-rc-cvs-200504010815-1","debian-version-0.1.0.10-0-pre.1","debian-version-0.1.0.11-0-pre.1","debian-version-0.1.0.11-1","debian-version-0.1.0.12-1","debian-version-0.1.0.13-1","debian-version-0.1.0.14-1","debian-version-0.1.0.14-2","debian-version-0.1.0.15-1","debian-version-0.1.0.16-1","debian-version-0.1.0.17-1","debian-version-0.1.0.2-rc-200504011500-1","debian-version-0.1.0.2-rc-200504011640-1","debian-version-0.1.0.2-rc-cvs-200504031300-1","debian-version-0.1.0.2-rc-cvs-200504061620-1","debian-version-0.1.0.2-rc-cvs-200504062112-1","debian-version-0.1.0.3-rc-200504080730-1","debian-version-0.1.0.3-rc-200504231430-1","debian-version-0.1.0.3-rc-cvs-200504231630-1","debian-version-0.1.0.4-rc-200504232130-1","debian-version-0.1.0.5-rc-200504272000-1","debian-version-0.1.0.7-rc-200505171420-1","debian-version-0.1.0.8-rc-1","debian-version-0.1.0.9-rc-1","debian-version-0.1.1.10-alpha-1","debian-version-0.1.1.11-alpha-1","debian-version-0.1.1.12-alpha-1","debian-version-0.1.1.13-alpha-1","debian-version-0.1.1.14-alpha-1","debian-version-0.1.1.15-rc-1","debian-version-0.1.1.16-rc-1","debian-version-0.1.1.17-rc-1","debian-version-0.1.1.18-rc-1","debian-version-0.1.1.19-rc-1","debian-version-0.1.1.20-1","debian-version-0.1.1.21-1","debian-version-0.1.1.22-1","debian-version-0.1.1.5-alpha-1","debian-version-0.1.1.6-alpha-1","debian-version-0.1.1.6-alpha-2","debian-version-0.1.1.7-alpha-1","debian-version-0.1.1.8-alpha-1","debian-version-0.1.1.9-alpha-1","tor-0.0.2","tor-0.0.2pre13","tor-0.0.2pre14","tor-0.0.2pre16","tor-0.0.2pre17","tor-0.0.2pre18","tor-0.0.2pre19","tor-0.0.2pre20","tor-0.0.2pre22","tor-0.0.2pre23","tor-0.0.2pre24","tor-0.0.2pre25","tor-0.0.2pre27","tor-0.0.2pre8","tor-0.0.3","tor-0.0.4","tor-0.0.5","tor-0.0.6","tor-0.0.6.1","tor-0.0.6.2","tor-0.0.6incompat-merged","tor-0.0.7","tor-0.0.7.1","tor-0.0.7.2","tor-0.0.7rc1","tor-0.0.8","tor-0.0.8.1","tor-0.0.8pre1","tor-0.0.8pre2","tor-0.0.8pre3","tor-0.0.8rc1","tor-0.0.8rc2","tor-0.0.9","tor-0.0.9.1","tor-0.0.9.10","tor-0.0.9.2","tor-0.0.9.3","tor-0.0.9.5","tor-0.0.9.6","tor-0.0.9.7","tor-0.0.9.9","tor-0.0.9pre1","tor-0.0.9pre2","tor-0.0.9pre3","tor-0.0.9pre4","tor-0.0.9pre5","tor-0.0.9pre6","tor-0.0.9rc1","tor-0.0.9rc2","tor-0.0.9rc3","tor-0.0.9rc4","tor-0.0.9rc5","tor-0.0.9rc6","tor-0.0.9rc7","tor-0.1.0.1-rc","tor-0.1.0.10","tor-0.1.0.11","tor-0.1.0.12","tor-0.1.0.13","tor-0.1.0.14","tor-0.1.0.15","tor-0.1.0.16","tor-0.1.0.17","tor-0.1.0.2-rc","tor-0.1.0.4-rc","tor-0.1.0.5-rc","tor-0.1.0.6-rc","tor-0.1.0.7-rc","tor-0.1.0.9-rc","tor-0.1.1.1-alpha","tor-0.1.1.10-alpha","tor-0.1.1.11-alpha","tor-0.1.1.12-alpha","tor-0.1.1.13-alpha","tor-0.1.1.14-alpha","tor-0.1.1.15-rc","tor-0.1.1.16-rc","tor-0.1.1.17-rc","tor-0.1.1.18-rc","tor-0.1.1.19-rc","tor-0.1.1.2-alpha","tor-0.1.1.20","tor-0.1.1.21","tor-0.1.1.22","tor-0.1.1.4-alpha","tor-0.1.1.5-alpha","tor-0.1.1.6-alpha","tor-0.1.1.7-alpha","tor-0.1.1.8-alpha","tor-0.1.1.9-alpha","tor-0.1.2.1-alpha","tor-0.1.2.2-alpha","tor-0.1.2.3-alpha","tor-0.1.2.4-alpha","tor-0.1.2.5-alpha","tor-0.1.2.6-alpha","tor-0.1.2.7-alpha","tor-0.1.2.8-beta","tor-0.1.2.9-rc","tor-0.2.0.1-alpha","tor-0.2.0.10-alpha","tor-0.2.0.11-alpha","tor-0.2.0.12-alpha","tor-0.2.0.13-alpha","tor-0.2.0.14-alpha","tor-0.2.0.15-alpha","tor-0.2.0.16-alpha","tor-0.2.0.17-alpha","tor-0.2.0.18-alpha","tor-0.2.0.19-alpha","tor-0.2.0.2-alpha","tor-0.2.0.20-rc","tor-0.2.0.3-alpha","tor-0.2.0.4-alpha@11197","tor-0.2.0.5-alpha","tor-0.2.0.6-alpha","tor-0.2.0.7-alpha","tor-0.2.0.8-alpha","tor-0.2.0.9-alpha","tor-0.2.1.1-alpha","tor-0.2.1.10-alpha","tor-0.2.1.11-alpha","tor-0.2.1.13-alpha","tor-0.2.1.14-rc","tor-0.2.1.2-alpha","tor-0.2.1.3-alpha","tor-0.2.1.4-alpha","tor-0.2.1.5-alpha","tor-0.2.1.6-alpha","tor-0.2.1.7-alpha","tor-0.2.1.8-alpha","tor-0.2.1.9-alpha","tor-0.2.2.1-alpha","tor-0.2.2.10-alpha","tor-0.2.2.11-alpha","tor-0.2.2.12-alpha","tor-0.2.2.13-alpha","tor-0.2.2.14-alpha","tor-0.2.2.15-alpha","tor-0.2.2.16-alpha","tor-0.2.2.2-alpha","tor-0.2.2.3-alpha","tor-0.2.2.4-alpha","tor-0.2.2.5-alpha","tor-0.2.2.6-alpha","tor-0.2.2.7-alpha","tor-0.2.2.8-alpha","tor-0.2.2.9-alpha","tor-0.2.3.1-alpha","tor-0.2.3.10-alpha","tor-0.2.3.11-alpha","tor-0.2.3.12-alpha","tor-0.2.3.13-alpha","tor-0.2.3.14-alpha","tor-0.2.3.15-alpha","tor-0.2.3.16-alpha","tor-0.2.3.17-beta","tor-0.2.3.2-alpha","tor-0.2.3.3-alpha","tor-0.2.3.4-alpha","tor-0.2.3.5-alpha","tor-0.2.3.6-alpha","tor-0.2.3.7-alpha","tor-0.2.3.8-alpha","tor-0.2.3.9-alpha","tor-0.2.4.1-alpha","tor-0.2.4.10-alpha","tor-0.2.4.2-alpha","tor-0.2.4.3-alpha","tor-0.2.4.4-alpha","tor-0.2.4.5-alpha","tor-0.2.4.6-alpha","tor-0.2.4.7-alpha","tor-0.2.4.8-alpha","tor-0.2.4.9-alpha","tor-0.2.5.1-alpha","tor-0.2.5.2-alpha","tor-0.2.5.3-alpha","tor-0.2.5.4-alpha","tor-0.2.5.5-alpha","tor-0.2.6.1-alpha","tor-0.2.6.2-alpha","tor-0.2.6.3-alpha","tor-0.2.7.0-root","tor-0.2.7.1-alpha","tor-0.2.7.2-alpha","tor-0.2.7.3-rc","tor-0.2.8.1-alpha","tor-0.2.8.2-alpha","tor-0.2.9.0-root","tor-0.2.9.1-alpha","tor-0.2.9.2-alpha","tor-0.2.9.3-alpha","tor-0.2.9.4-alpha","tor-0.3.0.1-alpha","tor-0.3.0.2-alpha","tor-0.3.0.3-alpha"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-0380.json","vanir_signatures":[{"deprecated":false,"target":{"file":"src/or/rendservice.c","function":"rend_service_intro_established"},"signature_type":"Function","id":"CVE-2017-0380-5cc6542f","digest":{"length":1373,"function_hash":"127769175355172658901515638176859382220"},"source":"https://github.com/torproject/tor/commit/09ea89764a4d3a907808ed7d4fe42abfe64bd486","signature_version":"v1"},{"deprecated":false,"target":{"file":"src/or/rendservice.c"},"signature_type":"Line","id":"CVE-2017-0380-93bf75c8","digest":{"threshold":0.9,"line_hashes":["337262265581462538688133467890333262766","277432954454635111726299723618948692353","176210070155872555886204065544878994544","46603671626614080164438768078968325117","244470203692698385864849808344304555250","272244659475510519600514232890661375494","67545002151669001391361742277350598480","3931581483446924389001096741585743198","239988870441061204329280097212446696697"]},"source":"https://github.com/torproject/tor/commit/09ea89764a4d3a907808ed7d4fe42abfe64bd486","signature_version":"v1"}],"vanir_signatures_modified":"2026-05-13T13:20:21Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}