CVE-2006-3418

EPSS 0.48%

Published: 7/7/2006Modified: 4/28/2026

Also known as:DEBIAN-CVE-2006-3418

Description

Tor before 0.1.1.20 does not validate that a server descriptor's fingerprint line matches its identity key, which allows remote attackers to spoof the fingerprint line, which might be trusted by users or other applications.

Affected packages (1)

Debian/torfrom 0, < 0.1.1.20-1

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2006-3418