CVE-2019-5152
- EPSS 0.34%
- Published 18.12.2019 15:15:11
- Last modified 21.11.2024 04:44:26
An exploitable information disclosure vulnerability exists in the network packet handling functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher, a specially crafted set of network packets can cause an outbound connection from the s...
CVE-2019-5163
- EPSS 0.49%
- Published 03.12.2019 22:15:15
- Last modified 21.11.2024 04:44:28
An exploitable denial-of-service vulnerability exists in the UDPRelay functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher and a local_address, arbitrary UDP packets can cause a FATAL error code path and exit. An attacker can send...
CVE-2019-5164
- EPSS 0.43%
- Published 03.12.2019 22:15:15
- Last modified 21.11.2024 04:44:28
An exploitable code execution vulnerability exists in the ss-manager binary of Shadowsocks-libev 3.3.2. Specially crafted network packets sent to ss-manager can cause an arbitrary binary to run, resulting in code execution and privilege escalation. A...
CVE-2017-15924
- EPSS 0.45%
- Published 27.10.2017 16:29:00
- Last modified 20.04.2025 01:37:25
In manager.c in ss-manager in shadowsocks-libev 3.1.0, improper parsing allows command injection via shell metacharacters in a JSON configuration request received via 127.0.0.1 UDP traffic, related to the add_server, build_config, and construct_comma...