Shadowsocks Libev Shadowsocks Libev

Do you want an email whenever new security vulnerabilities are reported in Shadowsocks Libev?

By the Year

In 2024 there have been 0 vulnerabilities in Shadowsocks Libev . Shadowsocks Libev did not have any published security vulnerabilities last year.

Year Vulnerabilities Average Score
2024 0 0.00
2023 0 0.00
2022 0 0.00
2021 0 0.00
2020 0 0.00
2019 3 7.57
2018 0 0.00

It may take a day or so for new Shadowsocks Libev vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Shadowsocks Libev Security Vulnerabilities

An exploitable information disclosure vulnerability exists in the network packet handling functionality of Shadowsocks-libev 3.3.2

CVE-2019-5152 7.4 - High - December 18, 2019

An exploitable information disclosure vulnerability exists in the network packet handling functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher, a specially crafted set of network packets can cause an outbound connection from the server, resulting in information disclosure. An attacker can send arbitrary packets to trigger this vulnerability.

Missing Authentication for Critical Function

An exploitable denial-of-service vulnerability exists in the UDPRelay functionality of Shadowsocks-libev 3.3.2

CVE-2019-5163 7.5 - High - December 03, 2019

An exploitable denial-of-service vulnerability exists in the UDPRelay functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher and a local_address, arbitrary UDP packets can cause a FATAL error code path and exit. An attacker can send arbitrary UDP packets to trigger this vulnerability.

Missing Authentication for Critical Function

An exploitable code execution vulnerability exists in the ss-manager binary of Shadowsocks-libev 3.3.2

CVE-2019-5164 7.8 - High - December 03, 2019

An exploitable code execution vulnerability exists in the ss-manager binary of Shadowsocks-libev 3.3.2. Specially crafted network packets sent to ss-manager can cause an arbitrary binary to run, resulting in code execution and privilege escalation. An attacker can send network packets to trigger this vulnerability.

Missing Authentication for Critical Function

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for OpenSuse Backports Sle or by Shadowsocks? Click the Watch button to subscribe.

Shadowsocks
Vendor

subscribe