CVE-2019-5163
 
Severity Score
7.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
An exploitable denial-of-service vulnerability exists in the UDPRelay functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher and a local_address, arbitrary UDP packets can cause a FATAL error code path and exit. An attacker can send arbitrary UDP packets to trigger this vulnerability.
Hay una vulnerabilidad de denegación de servicio explotable en la funcionalidad UDPRelay de Shadowsocks-libev versión 3.3.2. Cuando se utiliza un Cifrado de Flujo y un local_address, unos paquetes UDP arbitrarios pueden causar una ruta de código de error FATAL y salir. Un atacante puede enviar paquetes UDP arbitrarios para activar esta vulnerabilidad.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2019-01-04 CVE Reserved
- 2019-12-03 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-306: Missing Authentication for Critical Function
CAPEC
References (3)
URL | Tag | Source |
---|
URL | Date | SRC |
---|---|---|
https://talosintelligence.com/vulnerability_reports/TALOS-2019-0956 | 2024-08-04 |
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Shadowsocks Search vendor "Shadowsocks" | Shadowsocks-libev Search vendor "Shadowsocks" for product "Shadowsocks-libev" | 3.3.2 Search vendor "Shadowsocks" for product "Shadowsocks-libev" and version "3.3.2" | - |
Affected
| ||||||
Opensuse Search vendor "Opensuse" | Backports Search vendor "Opensuse" for product "Backports" | sle-15 Search vendor "Opensuse" for product "Backports" and version "sle-15" | sp1 |
Affected
| ||||||
Opensuse Search vendor "Opensuse" | Leap Search vendor "Opensuse" for product "Leap" | 15.1 Search vendor "Opensuse" for product "Leap" and version "15.1" | - |
Affected
|