CVE-2019-5164
Last modified
CVE-2019-5164 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. An exploitable code execution vulnerability exists in the ss-manager binary of Shadowsocks-libev 3.3.2. Specially crafted network packets sent to ss-manager can cause an arbitrary binary to run, resulting in code execution and privilege escalation. EPSS estimates a 0.73% chance of exploitation in the next 30 days.
Description
An exploitable code execution vulnerability exists in the ss-manager binary of Shadowsocks-libev 3.3.2. Specially crafted network packets sent to ss-manager can cause an arbitrary binary to run, resulting in code execution and privilege escalation. An attacker can send network packets to trigger this vulnerability.
Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Shadowsocks | Shadowsocks-Libev | 3.3.2 | — |
| Opensuse | Backports Sle | 15.0 | Sp1 |
| Opensuse | Leap | 15.1 | — |
References
- http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00023.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00061.htmlMailing List, Third Party Advisory
- https://talosintelligence.com/vulnerability_reports/TALOS-2019-0958Exploit, Mitigation, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00023.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00061.htmlMailing List, Third Party Advisory
- https://talosintelligence.com/vulnerability_reports/TALOS-2019-0958Exploit, Mitigation, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2019-5164?
How severe is CVE-2019-5164?
How do I fix CVE-2019-5164?
Are you affected by CVE-2019-5164?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST