Insecure Default Variable Initialization
CVE-2023-23589
Summary
The SafeSocks option in Tor prior to 0.4.7.13 has a logic error in which the unsafe SOCKS4 protocol can be used but not the safe SOCKS4a protocol, aka TROVE-2022-002.
- LOW
- NETWORK
- LOW
- UNCHANGED
- NONE
- NONE
- LOW
- NONE
CWE-453 - Insecure Default Variable Initialization
The software, by default, initializes an internal variable with an insecure or less secure value than is possible.