CVE-2019-5164

An exploitable code execution vulnerability exists in the ss-manager binary of Shadowsocks-libev 3.3.2. Specially crafted network packets sent to ss-manager can cause an arbitrary binary to run, resulting in code execution and privilege escalation. An attacker can send network packets to trigger...

UBUNTU-CVE-2019-5164

An exploitable code execution vulnerability exists in the ss-manager binary of Shadowsocks-libev 3.3.2. Specially crafted network packets sent to ss-manager can cause an arbitrary binary to run, resulting in code execution and privilege escalation. An attacker can send network packets to trigger...

UBUNTU-CVE-2019-5163

An exploitable denial-of-service vulnerability exists in the UDPRelay functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher and a localaddress, arbitrary UDP packets can cause a FATAL error code path and exit. An attacker can send arbitrary UDP packets to trigger this...

CVE-2019-5164

CVE-2019-5164 affects shadowsocks-libev, specifically the ss-manager binary (version 3.3.2). A vulnerability in processing specially crafted network packets can lead to arbitrary code execution and privilege escalation on the host. The issue is tied to the ss-manager component and has been addres...

CVE-2019-5164

An exploitable code execution vulnerability exists in the ss-manager binary of Shadowsocks-libev 3.3.2. Specially crafted network packets sent to ss-manager can cause an arbitrary binary to run, resulting in code execution and privilege escalation. An attacker can send network packets to trigger...

CVE-2019-5163

CVE-2019-5163 affects Shadowsocks-libev 3.3.2’s UDPRelay when using a Stream Cipher and a local_address; sending arbitrary UDP packets can trigger a FATAL error path and exit, constituting a denial-of-service. The issue is mitigated by upgrading to Shadowsocks-libev 3.3.3, as referenced by severa...

CVE-2019-5163

An exploitable denial-of-service vulnerability exists in the UDPRelay functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher and a localaddress, arbitrary UDP packets can cause a FATAL error code path and exit. An attacker can send arbitrary UDP packets to trigger this...

CVE-2019-5163

An exploitable denial-of-service vulnerability exists in the UDPRelay functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher and a localaddress, arbitrary UDP packets can cause a FATAL error code path and exit. An attacker can send arbitrary UDP packets to trigger this...

Shadowsocks-libev Information Disclosure Vulnerability

Shadowsocks-libev is a lightweight secure SOCKS5 agent for embedded devices. An information disclosure vulnerability exists in the network packet handling feature in Shadowsocks-libev version 3.3.2, which can be exploited by an attacker to disclose information with the help of specially crafted...

Shadowsocks-libev Access Control Error Vulnerability (CNVD-2020-00259)

Shadowsocks-libev is a lightweight secure SOCKS5 agent for embedded devices. An access control error vulnerability exists in the ss-manager binary in Shadowsocks-libev version 3.3.2, which can be exploited by an attacker to elevate privileges and execute arbitrary code...

Shadowsocks-libev ss-manager add_server Code Execution Vulnerability

Summary An exploitable code execution vulnerability exists in the ss-manager binary of Shadowsocks-libev 3.3.2. Specially crafted network packets sent to ss-manager can cause an arbitrary binary to run, resulting in code execution and privilege escalation. An attacker can send network packets to...

Shadowsocks-libev ss-server UdpRelay Denial-of-Service Vulnerability

Summary An exploitable denial-of-service vulnerability exists in the UDPRelay functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher and a localaddress, arbitrary UDP packets can cause a FATAL error code path and exit. An attacker can send arbitrary UDP packets to trigger this...

FreeBSD : shadowsocks-libev -- command injection via shell metacharacters (3746de31-0a1a-11e8-83e7-485b3931c969)

MITRE reports : Improper parsing allows command injection via shell metacharacters in a JSON configuration request received via 127.0.0.1 UDP traffic. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML database : Copyright...

The vulnerability of the ss-manager component (manager.c) of the shadowsocks-libev proxy server allows a hacker to inject any command or execute any code.

The vulnerability of the ss-manager component manager.c of the shadowsock-libev proxy server is related to insufficient cleaning of special elements used in the command. Exploiting this vulnerability allows a local attacker to inject arbitrary commands or execute arbitrary code by sending a...

MGASA-2017-0436 Updated shadowsocks-libev packages fix security vulnerability

In manager.c in ss-manager in shadowsocks-libev 3.1.0, improper parsing allows command injection via shell metacharacters in a JSON configuration request received via 127.0.0.1 UDP traffic, related to the addserver, buildconfig, and constructcommandline functions...

Updated shadowsocks-libev packages fix security vulnerability

In manager.c in ss-manager in shadowsocks-libev 3.1.0, improper parsing allows command injection via shell metacharacters in a JSON configuration request received via 127.0.0.1 UDP traffic, related to the addserver, buildconfig, and constructcommandline functions...

[ASA-201711-40] shadowsocks-libev: arbitrary command execution

Arch Linux Security Advisory ASA-201711-40 ========================================== Severity: High Date : 2017-11-30 CVE-ID : CVE-2017-15924 Package : shadowsocks-libev Type : arbitrary command execution Remote : No Link : https://security.archlinux.org/AVG-474 Summary ======= The package...

openSUSE Security Update : shadowsocks-libev (openSUSE-2017-1274)

This update for shadowsocks-libev fixes the following issues : Security issue fixed : - CVE-2017-15924: In manager.c in ss-manager in shadowsocks-libev 3.1.0, improper parsing allows command injection via shell metacharacters in a JSON configuration request received via 127.0.0.1 UDP traffic,...

shadowsocks-libev command execution vulnerability

shadowsocks-libev is a SOCKS5 proxy for embedded devices written in C. ss-manager is one of the ss management tools. A security vulnerability exists in the manager.c file of ss-manager in shadowsocks-libev version 3.1.0. An attacker can exploit this vulnerability to execute commands...

Debian DSA-4009-1 : shadowsocks-libev - security update

Niklas Abel discovered that insufficient input sanitising in the ss-manager component of shadowsocks-libev, a lightweight socks5 proxy, could result in arbitrary shell command execution. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin we...