
CVE-2019-5152
https://notcve.org/view.php?id=CVE-2019-5152
18 Dec 2019 — An exploitable information disclosure vulnerability exists in the network packet handling functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher, a specially crafted set of network packets can cause an outbound connection from the server, resulting in information disclosure. An attacker can send arbitrary packets to trigger this vulnerability. • https://talosintelligence.com/vulnerability_reports/TALOS-2019-0942 • CWE-306: Missing Authentication for Critical Function

CVE-2019-5164
https://notcve.org/view.php?id=CVE-2019-5164
03 Dec 2019 — An exploitable code execution vulnerability exists in the ss-manager binary of Shadowsocks-libev 3.3.2. Specially crafted network packets sent to ss-manager can cause an arbitrary binary to run, resulting in code execution and privilege escalation. An attacker can send network packets to trigger this vulnerability. • http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00023.html • CWE-306: Missing Authentication for Critical Function

CVE-2019-5163
https://notcve.org/view.php?id=CVE-2019-5163
03 Dec 2019 — An exploitable denial-of-service vulnerability exists in the UDPRelay functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher and a local_address, arbitrary UDP packets can cause a FATAL error code path and exit. An attacker can send arbitrary UDP packets to trigger this vulnerability. • http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00023.html • CWE-306: Missing Authentication for Critical Function