CVE Details for CVE: CVE-2016-3180
Summary
Tor Browser Launcher (aka torbrowser-launcher) before 0.2.4, during the initial run, allows man-in-the-middle attackers to bypass the PGP signature verification and execute arbitrary code via a Trojan horse tar file and a signature file with the valid tarball and signature.
Timestamps | |
---|---|
Last major update | 28-02-2017 - 19:22 |
Published | 07-02-2017 - 17:59 |
Last modified | 28-02-2017 - 19:22 |
CWE
CVSS
Base
6.8
Impact
6.4
Exploitability
8.6
Access
Vector | Complexity | Authentication |
---|---|---|
NETWORK | MEDIUM | NONE |
Impact
Confidentiality | Integrity | Availability |
---|---|---|
PARTIAL | PARTIAL | PARTIAL |
CVSS3
Base
8.1
Impact
5.9
Exploitability
2.2
Access
Attack Complexity | Attack vector | Privileges Required | Scope | User Interaction |
---|---|---|---|---|
HIGH | NETWORK | NONE | UNCHANGED | NONE |
Impact
Confidentiality | Integrity | Availability |
---|---|---|
HIGH | HIGH | HIGH |
VIA4 references
cvss-vector
via4
cvss3-vector
via4
refmap
via4
bid | 96140 |
confirm | https://github.com/micahflee/torbrowser-launcher/issues/229 |