CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 1CVE-2019-5152
https://notcve.org/view.php?id=CVE-2019-5152
18 Dec 2019 — An exploitable information disclosure vulnerability exists in the network packet handling functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher, a specially crafted set of network packets can cause an outbound connection from the server, resulting in information disclosure. An attacker can send arbitrary packets to trigger this vulnerability. Se presenta una vulnerabilidad de divulgación de información explotable en la funcionalidad de manejo de paquetes de red de Shadowsocks-libev versió... • https://talosintelligence.com/vulnerability_reports/TALOS-2019-0942 • CWE-306: Missing Authentication for Critical Function •
CVSS: 7.8EPSS: 1%CPEs: 3EXPL: 1CVE-2019-5164
https://notcve.org/view.php?id=CVE-2019-5164
03 Dec 2019 — An exploitable code execution vulnerability exists in the ss-manager binary of Shadowsocks-libev 3.3.2. Specially crafted network packets sent to ss-manager can cause an arbitrary binary to run, resulting in code execution and privilege escalation. An attacker can send network packets to trigger this vulnerability. Hay una vulnerabilidad de ejecución de código explotable en el binario ss-manager de Shadowsocks-libev versión 3.3.2. Unos paquetes de red especialmente diseñados enviados a ss-manager pueden cau... • http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00023.html • CWE-306: Missing Authentication for Critical Function •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 1CVE-2019-5163
https://notcve.org/view.php?id=CVE-2019-5163
03 Dec 2019 — An exploitable denial-of-service vulnerability exists in the UDPRelay functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher and a local_address, arbitrary UDP packets can cause a FATAL error code path and exit. An attacker can send arbitrary UDP packets to trigger this vulnerability. Hay una vulnerabilidad de denegación de servicio explotable en la funcionalidad UDPRelay de Shadowsocks-libev versión 3.3.2. Cuando se utiliza un Cifrado de Flujo y un local_address, unos paquetes UDP arbitra... • http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00023.html • CWE-306: Missing Authentication for Critical Function •
CVSS: 7.8EPSS: 0%CPEs: 71EXPL: 1CVE-2017-15924 – Debian Security Advisory 4009-1
https://notcve.org/view.php?id=CVE-2017-15924
27 Oct 2017 — In manager.c in ss-manager in shadowsocks-libev 3.1.0, improper parsing allows command injection via shell metacharacters in a JSON configuration request received via 127.0.0.1 UDP traffic, related to the add_server, build_config, and construct_command_line functions. En manager.c en ss-manager en shadowsocks-libev 3.1.0, un análisis sintáctico incorrecto permite que se inyecten comandos mediante metacaracteres shell en una petición de configuración JSON recibida mediante tráfico UDP 127.0.0.1. Esto está re... • http://openwall.com/lists/oss-security/2017/10/13/2 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •