CVE-2019-5164

Published: Dec 3, 2019Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

An exploitable code execution vulnerability exists in the ss-manager binary of Shadowsocks-libev 3.3.2. Specially crafted network packets sent to ss-manager can cause an arbitrary binary to run, resulting in code execution and privilege escalation. An attacker can send network packets to trigger this vulnerability.

Affected (3)

Products: Shadowsocks: Shadowsocks Libev · Opensuse: Backports Sle, Leap

1 product

Shadowsocks Libev

2 products

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Shadowsocks Shadowsocks Libev	Version 3.3.2

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Opensuse Backports Sle	Version 15.0 sp1
Opensuse Leap	Version 15.1

Related CWEs

Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

References (6)

http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00023.html

Source: talos-cna@cisco.com

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00061.html

Source: talos-cna@cisco.com

Mailing ListThird Party Advisory

https://talosintelligence.com/vulnerability_reports/TALOS-2019-0958

Source: talos-cna@cisco.com

ExploitMitigationThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00023.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00061.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://talosintelligence.com/vulnerability_reports/TALOS-2019-0958

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitMitigationThird Party Advisory

Timeline

No history available yet.