CVE-2019-5152
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
An exploitable information disclosure vulnerability exists in the network packet handling functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher, a specially crafted set of network packets can cause an outbound connection from the server, resulting in information disclosure. An attacker can send arbitrary packets to trigger this vulnerability.
Se presenta una vulnerabilidad de divulgación de información explotable en la funcionalidad de manejo de paquetes de red de Shadowsocks-libev versión 3.3.2. Cuando se utiliza un Cifrado de Flujo, un conjunto de paquetes de red especialmente diseñado puede causar una conexión saliente del servidor, resultando en una divulgación de información. Un atacante puede enviar paquetes arbitrarios para activar esta vulnerabilidad.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-01-04 CVE Reserved
- 2019-12-18 CVE Published
- 2023-04-22 EPSS Updated
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-306: Missing Authentication for Critical Function
CAPEC
References (1)
URL | Tag | Source |
---|
URL | Date | SRC |
---|---|---|
https://talosintelligence.com/vulnerability_reports/TALOS-2019-0942 | 2024-08-04 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Shadowsocks Search vendor "Shadowsocks" | Shadowsocks-libev Search vendor "Shadowsocks" for product "Shadowsocks-libev" | 3.3.2 Search vendor "Shadowsocks" for product "Shadowsocks-libev" and version "3.3.2" | - |
Affected
|