{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/67632?format=json","vulnerability_id":"VCID-r5m7-m7ur-x3cw","summary":"Tor before 0.4.9.7, when circuit queue memory pressure exists, can experience a client crash because of a double close of a circuit, aka TROVE-2026-009.","aliases":[{"alias":"CVE-2026-44601"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1074954?format=json","purl":"pkg:deb/debian/tor@0.4.8.14-1~bpo12%2B1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.8.14-1~bpo12%252B1"},{"url":"http://public2.vulnerablecode.io/api/packages/105926?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105930?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105929?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-1%3Fdistro=trixie"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105928?format=json","purl":"pkg:deb/debian/tor@0.4.5.16-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4x3c-qh4m-xbeq"},{"vulnerability":"VCID-54t7-dh1e-n3f8"},{"vulnerability":"VCID-eym9-72k1-c7ae"},{"vulnerability":"VCID-gkr8-t5vk-1fde"},{"vulnerability":"VCID-m3pd-5xaq-pfcq"},{"vulnerability":"VCID-r5m7-m7ur-x3cw"},{"vulnerability":"VCID-w8ka-vkct-a3e1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.5.16-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1074953?format=json","purl":"pkg:deb/debian/tor@0.4.5.16-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4x3c-qh4m-xbeq"},{"vulnerability":"VCID-54t7-dh1e-n3f8"},{"vulnerability":"VCID-eym9-72k1-c7ae"},{"vulnerability":"VCID-gkr8-t5vk-1fde"},{"vulnerability":"VCID-m3pd-5xaq-pfcq"},{"vulnerability":"VCID-r5m7-m7ur-x3cw"},{"vulnerability":"VCID-w8ka-vkct-a3e1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.5.16-1"}],"references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-44601","reference_id":"","reference_type":"","scores":[{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18878","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.19043","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-44601"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-44601","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-44601"},{"reference_url":"https://forum.torproject.org/c/news/tor-release-announcement/28","reference_id":"28","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-07T13:56:45Z/"}],"url":"https://forum.torproject.org/c/news/tor-release-announcement/28"},{"reference_url":"https://gitlab.torproject.org/tpo/core/tor/-/work_items/41237","reference_id":"41237","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-07T13:56:45Z/"}],"url":"https://gitlab.torproject.org/tpo/core/tor/-/work_items/41237"},{"reference_url":"https://www.openwall.com/lists/oss-security/2026/05/06/8","reference_id":"8","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-07T13:56:45Z/"}],"url":"https://www.openwall.com/lists/oss-security/2026/05/06/8"},{"reference_url":"https://gitlab.torproject.org/tpo/core/tor/-/commit/d4e3f6a440b58c2be661decf20c09548704907dc","reference_id":"d4e3f6a440b58c2be661decf20c09548704907dc","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-07T13:56:45Z/"}],"url":"https://gitlab.torproject.org/tpo/core/tor/-/commit/d4e3f6a440b58c2be661decf20c09548704907dc"}],"weaknesses":[{"cwe_id":837,"name":"Improper Enforcement of a Single, Unique Action","description":"The product requires that an actor should only be able to perform an action once, or to have only one unique action, but the product does not enforce or improperly enforces this restriction."}],"exploits":[],"severity_range_score":"3.7 - 3.7","exploitability":"0.5","weighted_severity":"3.3","risk_score":1.6,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r5m7-m7ur-x3cw"}