FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

security/tor -- SOCKS4(a) inversion bug

Affected packages
tor <


VuXML ID 847f16e5-9406-11ed-a925-3065ec8fd3ec
Discovery 2023-01-12
Entry 2023-01-14

The Tor Project reports:

TROVE-2022-002: The SafeSocks option for SOCKS4(a) is inverted leading to SOCKS4 going through

This is a report from hackerone:
We have classified this as medium considering that tor was not defending in-depth for dangerous SOCKS request and so any user relying on SafeSocks 1 to make sure they don't link DNS leak and their Tor traffic wasn't safe afterall for SOCKS4(a). Tor Browser doesn't use SafeSocks 1 and SOCKS4 so at least the likely vast majority of users are not affected.