PT-2019-17504 · Libev+1 · Shadowsocks-Libev+1

Published

2019-12-03

Updated

2024-06-15

CVE-2019-5163

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Shadowsocks-libev version 3.3.2

Description A denial-of-service issue exists in the UDPRelay functionality. When using a Stream Cipher and a local address, arbitrary UDP packets can cause a FATAL error code path and exit. An attacker can send arbitrary UDP packets to trigger this issue.

Recommendations For Shadowsocks-libev version 3.3.2, consider disabling the UDPRelay functionality as a temporary workaround until a patch is available. Restrict access to the local address to minimize the risk of exploitation.

Exploit

Fix

DoS

Missing Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-306

Related Identifiers

CVE-2019-5163

MGASA-2020-0006

OPENSUSE-SU-2019:2667-1

OPENSUSE-SU-2019_2667-1

OPENSUSE-SU-2020:0142-1

OPENSUSE-SU-2024:11379-1

Affected Products

Shadowsocks-Libev

Suse

PT-2019-17504 · Libev+1 · Shadowsocks-Libev+1

CVE-2019-5163

Weakness Enumeration

Related Identifiers

Affected Products

References · 29