FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Arti -- Security issues related to circuit construction

Affected packages
arti < 1.2.3


VuXML ID f393b5a7-1535-11ef-8064-c5610a6efffb
Discovery 2024-05-14
Entry 2024-05-18

Tor Project reports:

When building anonymizing circuits to or from an onion service with 'lite' vanguards (the default) enabled, the circuit manager code would build the circuits with one hop too few.

When 'full' vanguards are enabled, some circuits are supposed to be built with an extra hop to minimize the linkability of the guard nodes. In some circumstances, the circuit manager would build circuits with one hop too few, making it easier for an adversary to discover the L2 and L3 guards of the affected clients and services.


CVE Name CVE-2024-35312
CVE Name CVE-2024-35313