Information Disclosure Vulnerability in Shadowsocks-libev 3.3.2 Allows Outbound Connection and Data Leakage

Information Disclosure Vulnerability in Shadowsocks-libev 3.3.2 Allows Outbound Connection and Data Leakage

CVE-2019-5152 · HIGH Severity

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

An exploitable information disclosure vulnerability exists in the network packet handling functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher, a specially crafted set of network packets can cause an outbound connection from the server, resulting in information disclosure. An attacker can send arbitrary packets to trigger this vulnerability.

Learn more about our Cis Benchmark Audit For Server Software.