CVE-2021-39246
6.1 MEDIUMTor Browser through 10.5.6 and 11.x through 11.0a4 allows a correlation attack that can compromise the privacy of visits to v2 onion addr...
Published: 2021-09-24 · Last updated: 2026-06-17
Severity and scoring
- CVSS
- 6.1 MEDIUM
- Vector
- CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
- CWE
- CWE-532
Affected products
| Vendor | Product |
|---|---|
| torproject | tor_browser |
Description
Tor Browser through 10.5.6 and 11.x through 11.0a4 allows a correlation attack that can compromise the privacy of visits to v2 onion addresses. Exact timestamps of these onion-service visits are logged locally, and an attacker might be able to compare them to timestamp data collected by the destination server (or collected by a rogue site within the Tor network).
Source: NVD
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-2021-39246
- [Exploit reference]https://github.com/sickcodes/security/blob/master/advisories/SICK-2021-111.md
- [Patch]https://gitlab.torproject.org/tpo/core/tor/-/commit/80c404c4b79f3bcba3fc4585d4c62a62a04f3ed9
- [Vendor advisory]https://gitlab.torproject.org/tpo/core/tor/-/merge_requests/434
- [Exploit reference]https://sick.codes/sick-2021-111
- [Other]https://www.privacyaffairs.com/cve-2021-39246-tor-vulnerability
- [Exploit reference]https://github.com/sickcodes/security/blob/master/advisories/SICK-2021-111.md
- [Patch]https://gitlab.torproject.org/tpo/core/tor/-/commit/80c404c4b79f3bcba3fc4585d4c62a62a04f3ed9
- [Vendor advisory]https://gitlab.torproject.org/tpo/core/tor/-/merge_requests/434
- [Exploit reference]https://sick.codes/sick-2021-111
- [Other]https://www.privacyaffairs.com/cve-2021-39246-tor-vulnerability
Related CVEs
Same vendor
- CVE-2021-38385 — Tor before 0.3.5.16, 0.4.5.10, and 0.4.6.7 mishandles the relationship between batch-signature verification and single-signature verifica... (7.5 HIGH)
Same CWE
- CVE-2025-46313 — A logging issue was addressed with improved data redaction (5.5 MEDIUM)
- CVE-2026-0267 — An information exposure vulnerability in the Palo Alto Networks GlobalProtect app on macOS enables a local user to learn the configured p...
- CVE-2026-9751 — The ldapQueryPassword parameter, when set through the runtime setParameter command, will log the new password to the mongod.log file in p... (5.5 MEDIUM)
- CVE-2026-9735 — MongoDB server may log authentication parameters, including credentials, to the server log during SASL authentication (5.5 MEDIUM)
- CVE-2026-45581 — fabric-chaincode-java is a Java based implementation of Hyperledger Fabric chaincode shim APIs (5.5 MEDIUM)