CVE-2019-5164
published 2019-12-03CVE-2019-5164: An exploitable code execution vulnerability exists in the ss-manager binary of Shadowsocks-libev 3.3.2. Specially crafted network packets sent to ss-manager…
high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
An exploitable code execution vulnerability exists in the ss-manager binary of Shadowsocks-libev 3.3.2. Specially crafted network packets sent to ss-manager can cause an arbitrary binary to run, resulting in code execution and privilege escalation. An attacker can send network packets to trigger this vulnerability.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | shadowsocks-libev | < shadowsocks-libev 3.3.3+ds-2 (bookworm) | shadowsocks-libev 3.3.3+ds-2 (bookworm) |
| opensuse | backports_sle | — | — |
| opensuse | leap | — | — |
| shadowsocks | shadowsocks-libev | — | — |
| shadowsocks | shadowsocks-libev | >= 0 < 3.3.3+ds-2 | 3.3.3+ds-2 |
| shadowsocks | shadowsocks-libev | >= 0 < 3.3.3+ds-2 | 3.3.3+ds-2 |
| shadowsocks | shadowsocks-libev | >= 0 < 3.3.3+ds-2 | 3.3.3+ds-2 |
| shadowsocks | shadowsocks-libev | >= 0 < 3.3.3+ds-2 | 3.3.3+ds-2 |
CVSS provenance
nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
osv7.8HIGH