Fluid Attacks Database

Description

An exploitable denial-of-service vulnerability exists in the UDPRelay functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher and a local_address, arbitrary UDP packets can cause a FATAL error code path and exit. An attacker can send arbitrary UDP packets to trigger this vulnerability.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 14	shadowsocks-libev	>=0 <3.3.3+ds-2	3.3.3+ds-2
debian 11	shadowsocks-libev	>=0 <3.3.3+ds-2	3.3.3+ds-2
debian 12	shadowsocks-libev	>=0 <3.3.3+ds-2	3.3.3+ds-2
debian 13	shadowsocks-libev	>=0 <3.3.3+ds-2	3.3.3+ds-2

Aliases

1. CVE-2019-51632. NVD-2019-51633. OSV-DEBIAN-2019-51634. OSV-2019-51635. SECURITY-TRACKER-CVE-2019-5163

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.