A corrective release of the Tor 0.4.7.8 toolkit, used to organize the operation of the anonymous Tor network, has been published. The new version eliminates a vulnerability (CVE-2021-38385) that can be used to remotely initiate a denial of service. The potential impact of the problem on ensuring anonymity cannot be ruled out either. The problem leads to the termination of the process due to an assert check being triggered in the event of a discrepancy between checking digital signatures individually and in batch mode. Details will not be revealed until packages are updated in major distributions.
Source: opennet.ru