Voyager18 (research)

CVE-2021-34550: One of July's most searched vulnerabilities and how to fix it

CVE-2021-34550 was one of the most searched vulnerabilities in the Vulcan Remedy cloud for July 2021. Here's how to fix it.

Orani Amroussi | August 16, 2021

Vulcan Cyber is your security partner when it comes to identifying and fixing vulnerabilities. One of the ways we give back to the community is through Vulcan Remedy Cloud, the world’s largest free and curated database of reliable vulnerability solutions. Vulcan Remedy Cloud offers you detailed information to help your team remediate today’s most concerning vulnerabilities. In the previous blog, we covered one of the most visited vulnerabilities for July 2021. In this post, we will address CVE-2021-34550, which affects the secure Tor browser across a wide range of platforms, and was one of the most searched vulnerabilities for July. Specifically, this vulnerability targets the Onion Service Descriptor Parser for all versions of the Tor browser up to and could be exploited to crash connecting clients.

What is the CVE-2021-34550 vulnerability?

Tor, which stands for The Onion Router, is a secure anonymous browser used by individuals who want to keep their browsing activity confidential. While commonly associated with dark-web and illegitimate activities, it has a strong following among individuals who value online privacy, as well as organizations seeking to protect the privacy of clients, such as social-work agencies handling victims of domestic abuse. However, several cracks that could compromise privacy have been discovered recently in Tor, including the CVE-2021-34550 vulnerability.

Does it affect me?

If you use the Tor browser and have not yet upgraded to a version numbered or above (also known as TROVE 2021-006), you are affected by this vulnerability. This applies to Tor versions being run on Windows, Linux, Android, and any other systems.

Has CVE-2021-34550 been actively exploited in the wild?

It is not known whether this vulnerability has been exploited in the wild. No exploits have been logged so far.

How do I remediate CVE-2021-34550?

To fully protect your network against this Tor browser vulnerability, download the most recent version of the Tor browser.

There are no known workarounds available to substitute for this remediation step. In order to continue using Tor securely, the update must be implemented as soon as possible on all affected devices.

Keep up with emerging vulnerabilities. Get free access to thousands of vulnerabilities and get fix done with Remedy Cloud.

Free for risk owners

Set up in minutes to aggregate and prioritize cyber risk across all your assets and attack vectors.

"Idea for an overwhelmed secops/security team".

Name Namerson
Head of Cyber Security Strategy