CVE-2021-38385

7.5 HIGH

Tor before 0.3.5.16, 0.4.5.10, and 0.4.6.7 mishandles the relationship between batch-signature verification and single-signature verifica...

Published: 2021-08-30 · Last updated: 2026-06-17

Severity and scoring

CVSS: 7.5 HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-617

Affected products

Vendor	Product
torproject	tor

Description

Tor before 0.3.5.16, 0.4.5.10, and 0.4.6.7 mishandles the relationship between batch-signature verification and single-signature verification, leading to a remote assertion failure, aka TROVE-2021-007.

Source: NVD

References

[NVD]https://nvd.nist.gov/vuln/detail/CVE-2021-38385
[Vendor advisory]https://blog.torproject.org
[Vendor advisory]https://blog.torproject.org/node/2062
[Vendor advisory]https://bugs.torproject.org/tpo/core/tor/40078
[Other]https://security.gentoo.org/glsa/202305-11
[Vendor advisory]https://blog.torproject.org
[Vendor advisory]https://blog.torproject.org/node/2062
[Vendor advisory]https://bugs.torproject.org/tpo/core/tor/40078
[Other]https://security.gentoo.org/glsa/202305-11

Related CVEs

Same vendor

CVE-2021-39246 — Tor Browser through 10.5.6 and 11.x through 11.0a4 allows a correlation attack that can compromise the privacy of visits to v2 onion addr... (6.1 MEDIUM)

Same CWE

CVE-2026-52718 — A denial of service vulnerability was found in GStreamer's AV1 codec parser in gst-plugins-bad (6.5 MEDIUM)
CVE-2026-29116 — A vulnerability has been found in some Dahua products could allow an unauthenticated remote attacker to send a specially crafted packet, ...
CVE-2026-29115 — A vulnerability has been found in some Dahua products could allow an authenticated remote attacker to send a specially crafted packet, tr...
CVE-2026-46543 — Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm (5.3 MEDIUM)
CVE-2026-46542 — Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm (4.3 MEDIUM)