Code Execution and Privilege Escalation Vulnerability in Shadowsocks-libev 3.3.2

Code Execution and Privilege Escalation Vulnerability in Shadowsocks-libev 3.3.2

CVE-2019-5164 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

An exploitable code execution vulnerability exists in the ss-manager binary of Shadowsocks-libev 3.3.2. Specially crafted network packets sent to ss-manager can cause an arbitrary binary to run, resulting in code execution and privilege escalation. An attacker can send network packets to trigger this vulnerability.

Learn more about our Network Penetration Testing.