CVE-2019-5163

CVE-2019-5163 affects Shadowsocks-libev 3.3.2’s UDPRelay when using a Stream Cipher and a local_address; sending arbitrary UDP packets can trigger a FATAL error path and exit, constituting a denial-of-service. The issue is mitigated by upgrading to Shadowsocks-libev 3.3.3, as referenced by severa...

CVE-2019-5164

CVE-2019-5164 affects shadowsocks-libev, specifically the ss-manager binary (version 3.3.2). A vulnerability in processing specially crafted network packets can lead to arbitrary code execution and privilege escalation on the host. The issue is tied to the ss-manager component and has been addres...

CVE-2017-15924

CVE-2017-15924 affects shadowsocks-libev (ss-manager) on version 3.1.0. Improper parsing of a JSON configuration request received via 127.0.0.1 UDP traffic enables local command injection through shell metacharacters in add_server, build_config, and construct_command_line pathways, potentially al...

CVE-2019-5152

CVE-2019-5152 affects Shadowsocks-libev 3.3.2. In the network packet handling path, when a Stream Cipher is used, a specially crafted set of packets can trigger an outbound connection from the server, resulting in information disclosure. The issue is described across multiple sources in this set,...