CVE-2019-5164

Опубликовано: 03 дек. 2019

Источник: nvd

CVSS3: 7.8

CVSS2: 4.6

EPSS Низкий

Описание

An exploitable code execution vulnerability exists in the ss-manager binary of Shadowsocks-libev 3.3.2. Specially crafted network packets sent to ss-manager can cause an arbitrary binary to run, resulting in code execution and privilege escalation. An attacker can send network packets to trigger this vulnerability.

Ссылки

http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00023.html
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00061.html
Mailing List
Third Party Advisory
https://talosintelligence.com/vulnerability_reports/TALOS-2019-0958
Exploit
Mitigation
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00023.html
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00061.html
Mailing List
Third Party Advisory
https://talosintelligence.com/vulnerability_reports/TALOS-2019-0958
Exploit
Mitigation
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:shadowsocks:shadowsocks-libev:3.3.2:*:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*

cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*

EPSS

Процентиль: 62%

0.00429

Низкий

7.8 High

CVSS3

7.8 High

CVSS3

4.6 Medium

CVSS2

Дефекты

CWE-306

Связанные уязвимости

CVE-2019-5164

CVSS3: 7.8

ubuntu

около 6 лет назад

CVE-2019-5164

CVSS3: 7.8

debian

около 6 лет назад

An exploitable code execution vulnerability exists in the ss-manager b ...

GHSA-rcm9-p88f-cmqm

CVSS3: 7.8

github

больше 3 лет назад

openSUSE-SU-2019:2667-1

suse-cvrf

около 6 лет назад

Security update for shadowsocks-libev

EPSS

Процентиль: 62%

0.00429

Низкий

7.8 High

CVSS3

7.8 High

CVSS3

4.6 Medium

CVSS2

Дефекты

CWE-306