CVE-2012-3519

Description

routerlist.c in Tor before 0.2.2.38 uses a different amount of time for relay-list iteration depending on which relay is chosen, which might allow remote attackers to obtain sensitive information about relay selection via a timing side-channel attack.

Affected packages (1)

• Debian/torfrom 0, < 0.2.3.20-rc-1

References (1)

• ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2012-3519