CVE-2010-0385

Tor before 0.2.1.22, and 0.2.2.x before 0.2.2.7-alpha, when functioning as a bridge directory authority, allows remote attackers to obtain sensitive information about bridge identities and bridge descriptors via a dbg-stability.txt directory query.

Published: 2010-01-25 Last update: 2026-04-29 Assigner: [email protected] Source: [email protected]
NVD Status:ModifiedCVE State: published
View at NVD, CVE.org, EUVD

CVE-2010-0385 is rated Moderate Risk (40.5/100): CVSS Medium severity, with medium exploitation likelihood (EPSS 0.43%). Review affected assets and schedule remediation.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2010-0385

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2025-03-30 0.91% 0.43% -0.47%
2 2025-03-29 0.43% 0.91% +0.47%
3 2025-03-17 0.43%

Full EPSS history (8 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2010-0385

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
5.0 2.0 MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N Click to expand
Access vector (AV:N)
Can be exploited remotely over network reachability.
Access complexity (AC:L)
Exploitation conditions are straightforward and predictable.
Authentication (AU:N)
No authentication is required.
Confidentiality impact (C:P)
Partial confidentiality impact.
Integrity impact (I:N)
No integrity impact.
Availability impact (A:N)
No availability impact.
 10.0 2.9 [email protected]

Weakness enumeration for CVE-2010-0385

OS Trackers for CVE-2010-0385

vendor priority summary link
debian low CVE-2010-0385 low priority: Debian including 1 source packages (tor), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 5. https://security-tracker.debian.org/tracker/CVE-2010-0385
ubuntu medium CVE-2010-0385 medium priority: Ubuntu including 1 source packages (tor), 10 status rows across 10 suites (dapper, hardy, intrepid, jaunty, karmic, lucid, maverick, natty, oneiric, upstream): DNE 4, ignored 3, not-affected 2, needs-triage 1. https://ubuntu.com/security/CVE-2010-0385

Affected software / configurations for CVE-2010-0385

Vendor Product Version Raw CPE
tor tor 0.0.2 cpe:2.3:a:tor:tor:0.0.2:*:*:*:*:*:*:*
tor tor 0.0.2_pre13 cpe:2.3:a:tor:tor:0.0.2_pre13:*:*:*:*:*:*:*
tor tor 0.0.2_pre14 cpe:2.3:a:tor:tor:0.0.2_pre14:*:*:*:*:*:*:*
tor tor 0.0.2_pre15 cpe:2.3:a:tor:tor:0.0.2_pre15:*:*:*:*:*:*:*
tor tor 0.0.2_pre16 cpe:2.3:a:tor:tor:0.0.2_pre16:*:*:*:*:*:*:*
tor tor 0.0.2_pre17 cpe:2.3:a:tor:tor:0.0.2_pre17:*:*:*:*:*:*:*
tor tor 0.0.2_pre18 cpe:2.3:a:tor:tor:0.0.2_pre18:*:*:*:*:*:*:*
tor tor 0.0.2_pre19 cpe:2.3:a:tor:tor:0.0.2_pre19:*:*:*:*:*:*:*
tor tor 0.0.2_pre20 cpe:2.3:a:tor:tor:0.0.2_pre20:*:*:*:*:*:*:*
tor tor 0.0.2_pre21 cpe:2.3:a:tor:tor:0.0.2_pre21:*:*:*:*:*:*:*
tor tor 0.0.2_pre22 cpe:2.3:a:tor:tor:0.0.2_pre22:*:*:*:*:*:*:*
tor tor 0.0.2_pre23 cpe:2.3:a:tor:tor:0.0.2_pre23:*:*:*:*:*:*:*
tor tor 0.0.2_pre24 cpe:2.3:a:tor:tor:0.0.2_pre24:*:*:*:*:*:*:*
tor tor 0.0.2_pre25 cpe:2.3:a:tor:tor:0.0.2_pre25:*:*:*:*:*:*:*
tor tor 0.0.2_pre26 cpe:2.3:a:tor:tor:0.0.2_pre26:*:*:*:*:*:*:*
tor tor 0.0.2_pre27 cpe:2.3:a:tor:tor:0.0.2_pre27:*:*:*:*:*:*:*
tor tor 0.0.3 cpe:2.3:a:tor:tor:0.0.3:*:*:*:*:*:*:*
tor tor 0.0.4 cpe:2.3:a:tor:tor:0.0.4:*:*:*:*:*:*:*
tor tor 0.0.5 cpe:2.3:a:tor:tor:0.0.5:*:*:*:*:*:*:*
tor tor 0.0.6 cpe:2.3:a:tor:tor:0.0.6:*:*:*:*:*:*:*
tor tor 0.0.6.1 cpe:2.3:a:tor:tor:0.0.6.1:*:*:*:*:*:*:*
tor tor 0.0.6.2 cpe:2.3:a:tor:tor:0.0.6.2:*:*:*:*:*:*:*
tor tor 0.0.7 cpe:2.3:a:tor:tor:0.0.7:*:*:*:*:*:*:*
tor tor 0.0.7.1 cpe:2.3:a:tor:tor:0.0.7.1:*:*:*:*:*:*:*
tor tor 0.0.7.2 cpe:2.3:a:tor:tor:0.0.7.2:*:*:*:*:*:*:*
tor tor 0.0.7.3 cpe:2.3:a:tor:tor:0.0.7.3:*:*:*:*:*:*:*
tor tor 0.0.8 cpe:2.3:a:tor:tor:0.0.8:*:*:*:*:*:*:*
tor tor 0.0.8.1 cpe:2.3:a:tor:tor:0.0.8.1:*:*:*:*:*:*:*
tor tor 0.0.9 cpe:2.3:a:tor:tor:0.0.9:*:*:*:*:*:*:*
tor tor 0.0.9.1 cpe:2.3:a:tor:tor:0.0.9.1:*:*:*:*:*:*:*
tor tor 0.0.9.2 cpe:2.3:a:tor:tor:0.0.9.2:*:*:*:*:*:*:*
tor tor 0.0.9.3 cpe:2.3:a:tor:tor:0.0.9.3:*:*:*:*:*:*:*
tor tor 0.0.9.4 cpe:2.3:a:tor:tor:0.0.9.4:*:*:*:*:*:*:*
tor tor 0.0.9.5 cpe:2.3:a:tor:tor:0.0.9.5:*:*:*:*:*:*:*
tor tor 0.0.9.6 cpe:2.3:a:tor:tor:0.0.9.6:*:*:*:*:*:*:*
tor tor 0.0.9.7 cpe:2.3:a:tor:tor:0.0.9.7:*:*:*:*:*:*:*
tor tor 0.0.9.8 cpe:2.3:a:tor:tor:0.0.9.8:*:*:*:*:*:*:*
tor tor 0.0.9.9 cpe:2.3:a:tor:tor:0.0.9.9:*:*:*:*:*:*:*
tor tor 0.0.9.10 cpe:2.3:a:tor:tor:0.0.9.10:*:*:*:*:*:*:*
tor tor 0.1.0.1 cpe:2.3:a:tor:tor:0.1.0.1:*:*:*:*:*:*:*
tor tor 0.1.0.2 cpe:2.3:a:tor:tor:0.1.0.2:*:*:*:*:*:*:*
tor tor 0.1.0.3 cpe:2.3:a:tor:tor:0.1.0.3:*:*:*:*:*:*:*
tor tor 0.1.0.4 cpe:2.3:a:tor:tor:0.1.0.4:*:*:*:*:*:*:*
tor tor 0.1.0.5 cpe:2.3:a:tor:tor:0.1.0.5:*:*:*:*:*:*:*
tor tor 0.1.0.6 cpe:2.3:a:tor:tor:0.1.0.6:*:*:*:*:*:*:*
tor tor 0.1.0.7 cpe:2.3:a:tor:tor:0.1.0.7:*:*:*:*:*:*:*
tor tor 0.1.0.8 cpe:2.3:a:tor:tor:0.1.0.8:*:*:*:*:*:*:*
tor tor 0.1.0.9 cpe:2.3:a:tor:tor:0.1.0.9:*:*:*:*:*:*:*
tor tor 0.1.0.10 cpe:2.3:a:tor:tor:0.1.0.10:*:*:*:*:*:*:*
tor tor 0.1.0.11 cpe:2.3:a:tor:tor:0.1.0.11:*:*:*:*:*:*:*
tor tor 0.1.0.12 cpe:2.3:a:tor:tor:0.1.0.12:*:*:*:*:*:*:*
tor tor 0.1.0.13 cpe:2.3:a:tor:tor:0.1.0.13:*:*:*:*:*:*:*
tor tor 0.1.0.14 cpe:2.3:a:tor:tor:0.1.0.14:*:*:*:*:*:*:*
tor tor 0.1.0.15 cpe:2.3:a:tor:tor:0.1.0.15:*:*:*:*:*:*:*
tor tor 0.1.0.16 cpe:2.3:a:tor:tor:0.1.0.16:*:*:*:*:*:*:*
tor tor 0.1.0.17 cpe:2.3:a:tor:tor:0.1.0.17:*:*:*:*:*:*:*
tor tor 0.1.0.18 cpe:2.3:a:tor:tor:0.1.0.18:*:*:*:*:*:*:*
tor tor 0.1.0.19 cpe:2.3:a:tor:tor:0.1.0.19:*:*:*:*:*:*:*
tor tor 0.1.1 cpe:2.3:a:tor:tor:0.1.1:*:*:*:*:*:*:*
tor tor 0.1.1.1 cpe:2.3:a:tor:tor:0.1.1.1:*:*:*:*:*:*:*
tor tor 0.1.1.1_alpha cpe:2.3:a:tor:tor:0.1.1.1_alpha:*:*:*:*:*:*:*
tor tor 0.1.1.2 cpe:2.3:a:tor:tor:0.1.1.2:*:*:*:*:*:*:*
tor tor 0.1.1.2_alpha cpe:2.3:a:tor:tor:0.1.1.2_alpha:*:*:*:*:*:*:*
tor tor 0.1.1.3 cpe:2.3:a:tor:tor:0.1.1.3:*:*:*:*:*:*:*
tor tor 0.1.1.3_alpha cpe:2.3:a:tor:tor:0.1.1.3_alpha:*:*:*:*:*:*:*
tor tor 0.1.1.4 cpe:2.3:a:tor:tor:0.1.1.4:*:*:*:*:*:*:*
tor tor 0.1.1.4_alpha cpe:2.3:a:tor:tor:0.1.1.4_alpha:*:*:*:*:*:*:*
tor tor 0.1.1.5 cpe:2.3:a:tor:tor:0.1.1.5:*:*:*:*:*:*:*
tor tor 0.1.1.5_alpha cpe:2.3:a:tor:tor:0.1.1.5_alpha:*:*:*:*:*:*:*
tor tor 0.1.1.6 cpe:2.3:a:tor:tor:0.1.1.6:*:*:*:*:*:*:*
tor tor 0.1.1.6_alpha cpe:2.3:a:tor:tor:0.1.1.6_alpha:*:*:*:*:*:*:*
tor tor 0.1.1.7 cpe:2.3:a:tor:tor:0.1.1.7:*:*:*:*:*:*:*
tor tor 0.1.1.7_alpha cpe:2.3:a:tor:tor:0.1.1.7_alpha:*:*:*:*:*:*:*
tor tor 0.1.1.8 cpe:2.3:a:tor:tor:0.1.1.8:*:*:*:*:*:*:*
tor tor 0.1.1.8_alpha cpe:2.3:a:tor:tor:0.1.1.8_alpha:*:*:*:*:*:*:*
tor tor 0.1.1.9 cpe:2.3:a:tor:tor:0.1.1.9:*:*:*:*:*:*:*
tor tor 0.1.1.9_alpha cpe:2.3:a:tor:tor:0.1.1.9_alpha:*:*:*:*:*:*:*
tor tor 0.1.1.10 cpe:2.3:a:tor:tor:0.1.1.10:*:*:*:*:*:*:*
tor tor 0.1.1.10_alpha cpe:2.3:a:tor:tor:0.1.1.10_alpha:*:*:*:*:*:*:*
tor tor 0.1.1.11 cpe:2.3:a:tor:tor:0.1.1.11:*:*:*:*:*:*:*

References for CVE-2010-0385

cvelogic Threat Intelligence