HIGH🇵🇱 Wersja polska

CVE-2019-5152

CVSS 7.4v3.1pub. 2019-12-18upd. 2024-11-21

An exploitable information disclosure vulnerability exists in the network packet handling functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher, a specially crafted set of network packets can cause an outbound connection from the server, resulting in information disclosure. An attacker can send arbitrary packets to trigger this vulnerability.

CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
  • Shadowsocks Libev

    APP
    Shadowsocks
    3.3.2
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2019-5163HIGH7.5ten sam produkt

An exploitable denial-of-service vulnerability exists in the UDPRelay functionality of Shadowsocks-libev 3.3.2...

CVE-2019-5164HIGH7.8ten sam produkt

An exploitable code execution vulnerability exists in the ss-manager binary of Shadowsocks-libev 3.3.2. Specia...

CVE-2017-15924HIGH7.8ten sam produkt

In manager.c in ss-manager in shadowsocks-libev 3.1.0, improper parsing allows command injection via shell met...

CVE-2023-27574CRITICAL9.8ten sam vendor

ShadowsocksX-NG 1.10.0 signs with com.apple.security.get-task-allow entitlements because of CODE_SIGNING_INJEC...