CVE-2019-5164

An exploitable code execution vulnerability exists in the ss-manager binary of Shadowsocks-libev 3.3.2. Specially crafted network packets sent to ss-manager can cause an arbitrary binary to run, resulting in code execution and privilege escalation. An attacker can send network packets to trigger this vulnerability.
Configurations

Configuration 1 (hide)

cpe:2.3:a:shadowsocks:shadowsocks-libev:3.3.2:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*

History

17 Jun 2022, 13:30

Type Values Removed Values Added
References (SUSE) http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00023.html - (SUSE) http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00023.html - Mailing List, Third Party Advisory
References (SUSE) http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00061.html - (SUSE) http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00061.html - Mailing List, Third Party Advisory
CPE cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*

Information

Published : 2019-12-03 22:15

Updated : 2024-02-04 20:39


NVD link : CVE-2019-5164

Mitre link : CVE-2019-5164

CVE.ORG link : CVE-2019-5164


JSON object : View

Products Affected

opensuse

  • leap
  • backports_sle

shadowsocks

  • shadowsocks-libev
CWE
CWE-306

Missing Authentication for Critical Function