CVE-2019-5164 HIGH

CVE-2019-5164

Vendor N/A
Product Shadowsocks
Weakness CWE-306 · Missing auth
Published December 3, 2019
Last update August 4, 2024

CVSS base score

7.8/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

An exploitable code execution vulnerability exists in the ss-manager binary of Shadowsocks-libev 3.3.2. Specially crafted network packets sent to ss-manager can cause an arbitrary binary to run, resulting in code execution and privilege escalation. An attacker can send network packets to trigger this vulnerability.

Key dates

02Disclosure timeline

December 3, 2019 CVE published
August 4, 2024 Record updated