shadowsocks/shadowsocks-libev
CVE History
| CVE | Affected | Published | CVSS v3 | CVSS v2 |
|---|---|---|---|---|
| = 3.3.2 | 7.4 HIGH | 5.8 MEDIUM | ||
An exploitable information disclosure vulnerability exists in the network packet handling functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher, a specially crafted set of network packets can cause an outbound connection from the server, resulting in information disclosure. An attacker can send arbitrary packets to trigger this vulnerability. | ||||
| = 3.3.2 | 7.5 HIGH | 4.3 MEDIUM | ||
An exploitable denial-of-service vulnerability exists in the UDPRelay functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher and a local_address, arbitrary UDP packets can cause a FATAL error code path and exit. An attacker can send arbitrary UDP packets to trigger this vulnerability. | ||||
| = 3.3.2 | 7.8 HIGH | 4.6 MEDIUM | ||
An exploitable code execution vulnerability exists in the ss-manager binary of Shadowsocks-libev 3.3.2. Specially crafted network packets sent to ss-manager can cause an arbitrary binary to run, resulting in code execution and privilege escalation. An attacker can send network packets to trigger this vulnerability. | ||||
| = 3.0.8, = 3.0.7, = 3.0.6, = 3.0.5, = 3.0.4, = 3.0.3, = 3.0.2, = 3.0.1, = 3.0.0, = 2.6.3, = 2.4.6, = 2.4.5, = 2.4.4, = 2.4.3, = 2.5.5, = 2.5.4, = 2.5.3, = 2.5.2, = 2.6.2, = 2.6.0, = 2.5.0, = 2.4.7, = 2.4.2, = 2.6.1, = 2.5.6, = 2.5.1, = 2.4.8, = 2.1.2, = 2.1.1, = 2.1.0, = 2.0.8, = 1.5.1, = 1.5.0, = 1.4.8, = 1.4.7, = 2.3.1, = 2.3.0, = 2.2.3, = 2.2.2, = 2.0.3, = 2.0.2, = 2.0.1, = 1.6.4, = 2.4.0, = 2.3.2, = 2.2.1, = 2.1.4, = 2.0.6, = 2.0.4, = 1.6.3, = 1.6.1, = 1.5.2, = 1.4.6, = 1.4.4, = 2.4.1, = 2.3.3, = 2.2.0, = 2.1.3, = 2.0.7, = 2.0.5, = 1.6.2, = 1.5.3, = 1.4.5, = 1.4.2, = 1.4.1, = 1.4.0, = 1.3.2, = 3.1.0, = 1.4.3, = 1.3 | — | 7.2 HIGH | ||
In manager.c in ss-manager in shadowsocks-libev 3.1.0, improper parsing allows command injection via shell metacharacters in a JSON configuration request received via 127.0.0.1 UDP traffic, related to the add_server, build_config, and construct_command_line functions. | ||||