Описание
In manager.c in ss-manager in shadowsocks-libev 3.1.0, improper parsing allows command injection via shell metacharacters in a JSON configuration request received via 127.0.0.1 UDP traffic, related to the add_server, build_config, and construct_command_line functions.
Ссылки
- Mailing ListThird Party Advisory
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
- ExploitThird Party Advisory
- Mailing ListThird Party Advisory
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:shadowsocks:shadowsocks-libev:1.3:*:*:*:*:*:*:*
cpe:2.3:a:shadowsocks:shadowsocks-libev:1.3.2:*:*:*:*:*:*:*
cpe:2.3:a:shadowsocks:shadowsocks-libev:1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:shadowsocks:shadowsocks-libev:1.4.1:*:*:*:*:*:*:*
cpe:2.3:a:shadowsocks:shadowsocks-libev:1.4.2:*:*:*:*:*:*:*
cpe:2.3:a:shadowsocks:shadowsocks-libev:1.4.3:*:*:*:*:*:*:*
cpe:2.3:a:shadowsocks:shadowsocks-libev:1.4.4:*:*:*:*:*:*:*
cpe:2.3:a:shadowsocks:shadowsocks-libev:1.4.5:*:*:*:*:*:*:*
cpe:2.3:a:shadowsocks:shadowsocks-libev:1.4.6:*:*:*:*:*:*:*
cpe:2.3:a:shadowsocks:shadowsocks-libev:1.4.7:*:*:*:*:*:*:*
cpe:2.3:a:shadowsocks:shadowsocks-libev:1.4.8:*:*:*:*:*:*:*
cpe:2.3:a:shadowsocks:shadowsocks-libev:1.5.0:*:*:*:*:*:*:*
cpe:2.3:a:shadowsocks:shadowsocks-libev:1.5.1:*:*:*:*:*:*:*
cpe:2.3:a:shadowsocks:shadowsocks-libev:1.5.2:*:*:*:*:*:*:*
cpe:2.3:a:shadowsocks:shadowsocks-libev:1.5.3:*:*:*:*:*:*:*
cpe:2.3:a:shadowsocks:shadowsocks-libev:1.6.1:*:*:*:*:*:*:*
cpe:2.3:a:shadowsocks:shadowsocks-libev:1.6.2:*:*:*:*:*:*:*
cpe:2.3:a:shadowsocks:shadowsocks-libev:1.6.3:*:*:*:*:*:*:*
cpe:2.3:a:shadowsocks:shadowsocks-libev:1.6.4:*:*:*:*:*:*:*
cpe:2.3:a:shadowsocks:shadowsocks-libev:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:shadowsocks:shadowsocks-libev:2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:shadowsocks:shadowsocks-libev:2.0.3:*:*:*:*:*:*:*
cpe:2.3:a:shadowsocks:shadowsocks-libev:2.0.4:*:*:*:*:*:*:*
cpe:2.3:a:shadowsocks:shadowsocks-libev:2.0.5:*:*:*:*:*:*:*
cpe:2.3:a:shadowsocks:shadowsocks-libev:2.0.6:*:*:*:*:*:*:*
cpe:2.3:a:shadowsocks:shadowsocks-libev:2.0.7:*:*:*:*:*:*:*
cpe:2.3:a:shadowsocks:shadowsocks-libev:2.0.8:*:*:*:*:*:*:*
cpe:2.3:a:shadowsocks:shadowsocks-libev:2.1.0:*:*:*:*:*:*:*
cpe:2.3:a:shadowsocks:shadowsocks-libev:2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:shadowsocks:shadowsocks-libev:2.1.2:*:*:*:*:*:*:*
cpe:2.3:a:shadowsocks:shadowsocks-libev:2.1.3:*:*:*:*:*:*:*
cpe:2.3:a:shadowsocks:shadowsocks-libev:2.1.4:*:*:*:*:*:*:*
cpe:2.3:a:shadowsocks:shadowsocks-libev:2.2.0:*:*:*:*:*:*:*
cpe:2.3:a:shadowsocks:shadowsocks-libev:2.2.1:*:*:*:*:*:*:*
cpe:2.3:a:shadowsocks:shadowsocks-libev:2.2.2:*:*:*:*:*:*:*
cpe:2.3:a:shadowsocks:shadowsocks-libev:2.2.3:*:*:*:*:*:*:*
cpe:2.3:a:shadowsocks:shadowsocks-libev:2.3.0:*:*:*:*:*:*:*
cpe:2.3:a:shadowsocks:shadowsocks-libev:2.3.1:*:*:*:*:*:*:*
cpe:2.3:a:shadowsocks:shadowsocks-libev:2.3.2:*:*:*:*:*:*:*
cpe:2.3:a:shadowsocks:shadowsocks-libev:2.3.3:*:*:*:*:*:*:*
cpe:2.3:a:shadowsocks:shadowsocks-libev:2.4.0:*:*:*:*:*:*:*
cpe:2.3:a:shadowsocks:shadowsocks-libev:2.4.1:*:*:*:*:*:*:*
cpe:2.3:a:shadowsocks:shadowsocks-libev:2.4.2:*:*:*:*:*:*:*
cpe:2.3:a:shadowsocks:shadowsocks-libev:2.4.3:*:*:*:*:*:*:*
cpe:2.3:a:shadowsocks:shadowsocks-libev:2.4.4:*:*:*:*:*:*:*
cpe:2.3:a:shadowsocks:shadowsocks-libev:2.4.5:*:*:*:*:*:*:*
cpe:2.3:a:shadowsocks:shadowsocks-libev:2.4.6:*:*:*:*:*:*:*
cpe:2.3:a:shadowsocks:shadowsocks-libev:2.4.7:*:*:*:*:*:*:*
cpe:2.3:a:shadowsocks:shadowsocks-libev:2.4.8:*:*:*:*:*:*:*
cpe:2.3:a:shadowsocks:shadowsocks-libev:2.5.0:*:*:*:*:*:*:*
cpe:2.3:a:shadowsocks:shadowsocks-libev:2.5.1:*:*:*:*:*:*:*
cpe:2.3:a:shadowsocks:shadowsocks-libev:2.5.2:*:*:*:*:*:*:*
cpe:2.3:a:shadowsocks:shadowsocks-libev:2.5.3:*:*:*:*:*:*:*
cpe:2.3:a:shadowsocks:shadowsocks-libev:2.5.4:*:*:*:*:*:*:*
cpe:2.3:a:shadowsocks:shadowsocks-libev:2.5.5:*:*:*:*:*:*:*
cpe:2.3:a:shadowsocks:shadowsocks-libev:2.5.6:*:*:*:*:*:*:*
cpe:2.3:a:shadowsocks:shadowsocks-libev:2.6.0:*:*:*:*:*:*:*
cpe:2.3:a:shadowsocks:shadowsocks-libev:2.6.1:*:*:*:*:*:*:*
cpe:2.3:a:shadowsocks:shadowsocks-libev:2.6.2:*:*:*:*:*:*:*
cpe:2.3:a:shadowsocks:shadowsocks-libev:2.6.3:*:*:*:*:*:*:*
cpe:2.3:a:shadowsocks:shadowsocks-libev:3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:shadowsocks:shadowsocks-libev:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:shadowsocks:shadowsocks-libev:3.0.2:*:*:*:*:*:*:*
cpe:2.3:a:shadowsocks:shadowsocks-libev:3.0.3:*:*:*:*:*:*:*
cpe:2.3:a:shadowsocks:shadowsocks-libev:3.0.4:*:*:*:*:*:*:*
cpe:2.3:a:shadowsocks:shadowsocks-libev:3.0.5:*:*:*:*:*:*:*
cpe:2.3:a:shadowsocks:shadowsocks-libev:3.0.6:*:*:*:*:*:*:*
cpe:2.3:a:shadowsocks:shadowsocks-libev:3.0.7:*:*:*:*:*:*:*
cpe:2.3:a:shadowsocks:shadowsocks-libev:3.0.8:*:*:*:*:*:*:*
cpe:2.3:a:shadowsocks:shadowsocks-libev:3.1.0:*:*:*:*:*:*:*
Конфигурация 2
cpe:2.3:o:debian:debian_linux:9.2:*:*:*:*:*:*:*
EPSS
Процентиль: 63%
0.00451
Низкий
7.8 High
CVSS3
7.2 High
CVSS2
Дефекты
CWE-78
Связанные уязвимости
CVSS3: 7.8
ubuntu
больше 8 лет назад
In manager.c in ss-manager in shadowsocks-libev 3.1.0, improper parsing allows command injection via shell metacharacters in a JSON configuration request received via 127.0.0.1 UDP traffic, related to the add_server, build_config, and construct_command_line functions.
CVSS3: 7.8
debian
больше 8 лет назад
In manager.c in ss-manager in shadowsocks-libev 3.1.0, improper parsin ...
CVSS3: 7.8
github
больше 3 лет назад
In manager.c in ss-manager in shadowsocks-libev 3.1.0, improper parsing allows command injection via shell metacharacters in a JSON configuration request received via 127.0.0.1 UDP traffic, related to the add_server, build_config, and construct_command_line functions.
CVSS3: 7.8
fstec
больше 8 лет назад
Уязвимость компонента ss-manager (manager.c) прокси-сервера shadowsocks-libev, позволяющая нарушителю внедрить произвольную команду или выполнить произвольный код
EPSS
Процентиль: 63%
0.00451
Низкий
7.8 High
CVSS3
7.2 High
CVSS2
Дефекты
CWE-78