Shadowsocks Libev
By the Year
In 2024 there have been 0 vulnerabilities in Shadowsocks Libev . Shadowsocks Libev did not have any published security vulnerabilities last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2024 | 0 | 0.00 |
2023 | 0 | 0.00 |
2022 | 0 | 0.00 |
2021 | 0 | 0.00 |
2020 | 0 | 0.00 |
2019 | 3 | 7.57 |
2018 | 0 | 0.00 |
It may take a day or so for new Shadowsocks Libev vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Shadowsocks Libev Security Vulnerabilities
An exploitable information disclosure vulnerability exists in the network packet handling functionality of Shadowsocks-libev 3.3.2
CVE-2019-5152
7.4 - High
- December 18, 2019
An exploitable information disclosure vulnerability exists in the network packet handling functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher, a specially crafted set of network packets can cause an outbound connection from the server, resulting in information disclosure. An attacker can send arbitrary packets to trigger this vulnerability.
Missing Authentication for Critical Function
An exploitable denial-of-service vulnerability exists in the UDPRelay functionality of Shadowsocks-libev 3.3.2
CVE-2019-5163
7.5 - High
- December 03, 2019
An exploitable denial-of-service vulnerability exists in the UDPRelay functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher and a local_address, arbitrary UDP packets can cause a FATAL error code path and exit. An attacker can send arbitrary UDP packets to trigger this vulnerability.
Missing Authentication for Critical Function
An exploitable code execution vulnerability exists in the ss-manager binary of Shadowsocks-libev 3.3.2
CVE-2019-5164
7.8 - High
- December 03, 2019
An exploitable code execution vulnerability exists in the ss-manager binary of Shadowsocks-libev 3.3.2. Specially crafted network packets sent to ss-manager can cause an arbitrary binary to run, resulting in code execution and privilege escalation. An attacker can send network packets to trigger this vulnerability.
Missing Authentication for Critical Function
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for OpenSuse Backports Sle or by Shadowsocks? Click the Watch button to subscribe.