GCVE - cpe:2.3:a:n/a:shadowsocks:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:n/a:shadowsocks:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	N/A (`22f567d3-1203-528c-8f0e-3eb9c2f6ca78`)
Product	Shadowsocks (`086b39fa-8c33-526b-ae3b-7c79b2c25770`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2019-5164`	vulnerable	2026-06-08 05:13:57.781732	Details available HIGH (7.8) An exploitable code execution vulnerability exists in the ss-manager binary of Shadowsocks-libev 3.3.2. Specially crafted network packets sent to ss-manager can cause an arbitrary binary to run, resulting in code execution and privilege escalation. An attacker can send network packets to trigger this vulnerability. Published: 2019-12-03T21:56:21.000Z Updated: 2024-08-04T19:47:56.612Z Open on db.gcve.eu Reference links http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00023.html http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00061.html https://talosintelligence.com/vulnerability_reports/TALOS-2019-0958	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-5163`	vulnerable	2026-06-08 05:13:57.778745	Details available MEDIUM (5.9) An exploitable denial-of-service vulnerability exists in the UDPRelay functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher and a local_address, arbitrary UDP packets can cause a FATAL error code path and exit. An attacker can send arbitrary UDP packets to trigger this vulnerability. Published: 2019-12-03T21:55:47.000Z Updated: 2024-08-04T19:47:56.616Z Open on db.gcve.eu Reference links http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00023.html http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00061.html https://talosintelligence.com/vulnerability_reports/TALOS-2019-0956	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-5152`	vulnerable	2026-06-08 05:13:57.768749	Details available HIGH (7.4) An exploitable information disclosure vulnerability exists in the network packet handling functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher, a specially crafted set of network packets can cause an outbound connection from the server, resulting in information disclosure. An attacker can send arbitrary packets to trigger this vulnerability. Published: 2019-12-18T14:31:56.000Z Updated: 2024-08-04T19:47:56.594Z Open on db.gcve.eu Reference links https://talosintelligence.com/vulnerability_reports/TALOS-2019-0942	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.