Fluid Attacks Database

Description

An exploitable information disclosure vulnerability exists in the network packet handling functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher, a specially crafted set of network packets can cause an outbound connection from the server, resulting in information disclosure. An attacker can send arbitrary packets to trigger this vulnerability.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version
debian 11	shadowsocks-libev	=3.3.5+ds-10 \|\| =3.3.5+ds-11 \|\| =3.3.5+ds-12 \|\| =3.3.5+ds-13 \|\| =3.3.5+ds-14 \|\| =3.3.5+ds-15 \|\| =3.3.5+ds-16 \|\| =3.3.5+ds-4 \|\| =3.3.5+ds-5 \|\| =3.3.5+ds-6 \|\| =3.3.5+ds-7 \|\| =3.3.5+ds-8 \|\| =3.3.5+ds-9 \|\| =3.3.6+ds-1 \|\| =3.3.6+ds-2
debian 12	shadowsocks-libev	=3.3.5+ds-10 \|\| =3.3.5+ds-11 \|\| =3.3.5+ds-12 \|\| =3.3.5+ds-13 \|\| =3.3.5+ds-14 \|\| =3.3.5+ds-15 \|\| =3.3.5+ds-16 \|\| =3.3.6+ds-1 \|\| =3.3.6+ds-2
debian 13	shadowsocks-libev	=3.3.5+ds-16 \|\| =3.3.6+ds-1 \|\| =3.3.6+ds-2
debian 14	shadowsocks-libev	=3.3.5+ds-16 \|\| =3.3.6+ds-1 \|\| =3.3.6+ds-2

Aliases

1. CVE-2019-51522. NVD-2019-51523. OSV-DEBIAN-2019-51524. OSV-2019-51525. SECURITY-TRACKER-CVE-2019-5152

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.