HIGH🇬🇧 English

CVE-2019-5152

CVSS 7.4v3.1pub. 2019-12-18upd. 2024-11-21

An exploitable information disclosure vulnerability exists in the network packet handling functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher, a specially crafted set of network packets can cause an outbound connection from the server, resulting in information disclosure. An attacker can send arbitrary packets to trigger this vulnerability.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
  • Shadowsocks Libev

    APP
    Shadowsocks
    3.3.2
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2019-5163HIGH7.5ten sam produkt

An exploitable denial-of-service vulnerability exists in the UDPRelay functionality of Shadowsocks-libev 3.3.2...

CVE-2019-5164HIGH7.8ten sam produkt

An exploitable code execution vulnerability exists in the ss-manager binary of Shadowsocks-libev 3.3.2. Specia...

CVE-2017-15924HIGH7.8ten sam produkt

In manager.c in ss-manager in shadowsocks-libev 3.1.0, improper parsing allows command injection via shell met...

CVE-2023-27574CRITICAL9.8ten sam vendor

ShadowsocksX-NG 1.10.0 signs with com.apple.security.get-task-allow entitlements because of CODE_SIGNING_INJEC...