70 matches found
Updated shadowsocks-libev packages fix security vulnerabilities
Updated shadowsocks-libev packages fix security vulnerabilities: Exploitable denial-of-service vulnerability exists in the UDPRelay functionality CVE-2019-5163. Code execution vulnerability in the ss-manager binary CVE-2019-5164...
CVE-2019-5152
An exploitable information disclosure vulnerability exists in the network packet handling functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher, a specially crafted set of network packets can cause an outbound connection from the server, resulting in information disclosure. An...
CVE-2019-5152
An exploitable information disclosure vulnerability exists in the network packet handling functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher, a specially crafted set of network packets can cause an outbound connection from the server, resulting in information disclosure. An...
DEBIAN-CVE-2019-5152
An exploitable information disclosure vulnerability exists in the network packet handling functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher, a specially crafted set of network packets can cause an outbound connection from the server, resulting in information disclosure. An...
CVE-2019-5152
An exploitable information disclosure vulnerability exists in the network packet handling functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher, a specially crafted set of network packets can cause an outbound connection from the server, resulting in information disclosure. An...
UBUNTU-CVE-2019-5152
An exploitable information disclosure vulnerability exists in the network packet handling functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher, a specially crafted set of network packets can cause an outbound connection from the server, resulting in information disclosure. An...
CVE-2019-5152
CVE-2019-5152 affects Shadowsocks-libev 3.3.2. In the network packet handling path, when a Stream Cipher is used, a specially crafted set of packets can trigger an outbound connection from the server, resulting in information disclosure. The issue is described across multiple sources in this set,...
CVE-2019-5152
An exploitable information disclosure vulnerability exists in the network packet handling functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher, a specially crafted set of network packets can cause an outbound connection from the server, resulting in information disclosure. An...
openSUSE Security Update : shadowsocks-libev (openSUSE-2019-2667)
This update for shadowsocks-libev fixes the following issues : - Update version to 3.3.3 - Refine the handling of suspicious connections. - Fix exploitable denial-of-service vulnerability exists in the UDPRelay functionality boo1158251, CVE-2019-5163 - Fix code execution vulnerability in the...
OPENSUSE-SU-2019:2667-1 Security update for shadowsocks-libev
This update for shadowsocks-libev fixes the following issues: - Update version to 3.3.3 Refine the handling of suspicious connections. Fix exploitable denial-of-service vulnerability exists in the UDPRelay functionality boo1158251, CVE-2019-5163 Fix code execution vulnerability in the ss-manager...
Security update for shadowsocks-libev (moderate)
openSUSE Security Update: Security update for shadowsocks-libev Announcement ID: openSUSE-SU-2019:2667-1 Rating: moderate References: 1158251 1158365 Cross-References: CVE-2019-5163 CVE-2019-5164 Affected Products: openSUSE Leap 15.1 An update that fixes two vulnerabilities is now available...
Shadowsocks-libev Access Control Error Vulnerability
Shadowsocks-libev is a lightweight secure SOCKS5 agent for embedded devices. An Access Control Error vulnerability exists in the UDPRelay feature in Shadowsocks-libev version 3.3.2. The vulnerability stems from a network system or product not properly restricting access to resources from...
CVE-2019-5163
An exploitable denial-of-service vulnerability exists in the UDPRelay functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher and a localaddress, arbitrary UDP packets can cause a FATAL error code path and exit. An attacker can send arbitrary UDP packets to trigger this...
DEBIAN-CVE-2019-5164
An exploitable code execution vulnerability exists in the ss-manager binary of Shadowsocks-libev 3.3.2. Specially crafted network packets sent to ss-manager can cause an arbitrary binary to run, resulting in code execution and privilege escalation. An attacker can send network packets to trigger...
CVE-2019-5164
An exploitable code execution vulnerability exists in the ss-manager binary of Shadowsocks-libev 3.3.2. Specially crafted network packets sent to ss-manager can cause an arbitrary binary to run, resulting in code execution and privilege escalation. An attacker can send network packets to trigger...
CVE-2019-5164
An exploitable code execution vulnerability exists in the ss-manager binary of Shadowsocks-libev 3.3.2. Specially crafted network packets sent to ss-manager can cause an arbitrary binary to run, resulting in code execution and privilege escalation. An attacker can send network packets to trigger...
DEBIAN-CVE-2019-5163
An exploitable denial-of-service vulnerability exists in the UDPRelay functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher and a localaddress, arbitrary UDP packets can cause a FATAL error code path and exit. An attacker can send arbitrary UDP packets to trigger this...
CVE-2019-5163
An exploitable denial-of-service vulnerability exists in the UDPRelay functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher and a localaddress, arbitrary UDP packets can cause a FATAL error code path and exit. An attacker can send arbitrary UDP packets to trigger this...
CVE-2019-5164
An exploitable code execution vulnerability exists in the ss-manager binary of Shadowsocks-libev 3.3.2. Specially crafted network packets sent to ss-manager can cause an arbitrary binary to run, resulting in code execution and privilege escalation. An attacker can send network packets to trigger...
Remote code execution
An exploitable code execution vulnerability exists in the ss-manager binary of Shadowsocks-libev 3.3.2. Specially crafted network packets sent to ss-manager can cause an arbitrary binary to run, resulting in code execution and privilege escalation. An attacker can send network packets to trigger...