In manager.c in ss-manager in shadowsocks-libev 3.1.0, improper parsing allows command injection via shell metacharacters in a JSON configuration request received via 127.0.0.1 UDP traffic, related to the add_server, build_config, and construct_command_line functions.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-78,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| shadowsocks | shadowsocks-libev | 1.6.3 |
| shadowsocks | shadowsocks-libev | 2.1.1 |
| shadowsocks | shadowsocks-libev | 2.0.8 |
| shadowsocks | shadowsocks-libev | 2.4.2 |
| shadowsocks | shadowsocks-libev | 3.0.3 |
| shadowsocks | shadowsocks-libev | 3.0.0 |
| shadowsocks | shadowsocks-libev | 1.6.4 |
| shadowsocks | shadowsocks-libev | 1.4.8 |
| shadowsocks | shadowsocks-libev | 2.4.8 |
| shadowsocks | shadowsocks-libev | 2.4.0 |
| shadowsocks | shadowsocks-libev | 2.5.5 |
| shadowsocks | shadowsocks-libev | 3.0.7 |
| shadowsocks | shadowsocks-libev | 1.3.2 |
| shadowsocks | shadowsocks-libev | 2.4.1 |
| shadowsocks | shadowsocks-libev | 2.0.1 |
| shadowsocks | shadowsocks-libev | 2.3.0 |
| shadowsocks | shadowsocks-libev | 3.1.0 |
| shadowsocks | shadowsocks-libev | 2.0.7 |
| shadowsocks | shadowsocks-libev | 2.1.0 |
| shadowsocks | shadowsocks-libev | 2.4.5 |
| shadowsocks | shadowsocks-libev | 2.6.1 |
| shadowsocks | shadowsocks-libev | 2.5.4 |
| shadowsocks | shadowsocks-libev | 2.6.2 |
| shadowsocks | shadowsocks-libev | 2.6.3 |
| shadowsocks | shadowsocks-libev | 3.0.1 |
| shadowsocks | shadowsocks-libev | 2.3.3 |
| shadowsocks | shadowsocks-libev | 2.5.1 |
| debian | debian_linux | 9.2 |
| shadowsocks | shadowsocks-libev | 2.6.0 |
| shadowsocks | shadowsocks-libev | 3.0.2 |
| shadowsocks | shadowsocks-libev | 3.0.6 |
| shadowsocks | shadowsocks-libev | 2.1.3 |
| shadowsocks | shadowsocks-libev | 1.6.2 |
| shadowsocks | shadowsocks-libev | 2.1.4 |
| shadowsocks | shadowsocks-libev | 2.5.6 |
| shadowsocks | shadowsocks-libev | 1.4.6 |
| shadowsocks | shadowsocks-libev | 2.3.2 |
| shadowsocks | shadowsocks-libev | 2.5.3 |
| shadowsocks | shadowsocks-libev | 2.4.7 |
| shadowsocks | shadowsocks-libev | 2.3.1 |
| shadowsocks | shadowsocks-libev | 1.4.1 |
| shadowsocks | shadowsocks-libev | 1.3 |
| shadowsocks | shadowsocks-libev | 2.0.6 |
| shadowsocks | shadowsocks-libev | 1.6.1 |
| shadowsocks | shadowsocks-libev | 1.4.0 |
| shadowsocks | shadowsocks-libev | 3.0.8 |
| shadowsocks | shadowsocks-libev | 1.4.4 |
| shadowsocks | shadowsocks-libev | 2.0.3 |
| shadowsocks | shadowsocks-libev | 2.2.1 |
| shadowsocks | shadowsocks-libev | 2.0.5 |
| shadowsocks | shadowsocks-libev | 2.2.2 |
| shadowsocks | shadowsocks-libev | 2.5.0 |
| shadowsocks | shadowsocks-libev | 2.0.4 |
| shadowsocks | shadowsocks-libev | 2.4.3 |
| shadowsocks | shadowsocks-libev | 1.4.7 |
| shadowsocks | shadowsocks-libev | 3.0.5 |
| shadowsocks | shadowsocks-libev | 2.4.4 |
| shadowsocks | shadowsocks-libev | 2.2.0 |
| shadowsocks | shadowsocks-libev | 1.4.5 |
| shadowsocks | shadowsocks-libev | 1.5.0 |
| shadowsocks | shadowsocks-libev | 1.5.1 |
| shadowsocks | shadowsocks-libev | 1.5.3 |
| shadowsocks | shadowsocks-libev | 2.2.3 |
| shadowsocks | shadowsocks-libev | 2.4.6 |
| shadowsocks | shadowsocks-libev | 2.1.2 |
| shadowsocks | shadowsocks-libev | 3.0.4 |
| shadowsocks | shadowsocks-libev | 2.0.2 |
| shadowsocks | shadowsocks-libev | 1.4.3 |
| shadowsocks | shadowsocks-libev | 1.4.2 |
| shadowsocks | shadowsocks-libev | 1.5.2 |
| shadowsocks | shadowsocks-libev | 2.5.2 |
An exploitable information disclosure vulnerability exists in the network packet handling functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher, a specially crafted set of network packets can cause an outbound connection from the server, resulting in information disclosure. An attacker can send arbitrary packets to trigger this vulnerability.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.4 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N | 2.2 | 5.2 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-306,CWE-306,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| shadowsocks | shadowsocks-libev | 3.3.2 |
An exploitable denial-of-service vulnerability exists in the UDPRelay functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher and a local_address, arbitrary UDP packets can cause a FATAL error code path and exit. An attacker can send arbitrary UDP packets to trigger this vulnerability.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-306,CWE-306,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | backports | sle-15 |
| opensuse | leap | 15.1 |
| shadowsocks | shadowsocks-libev | 3.3.2 |
An exploitable code execution vulnerability exists in the ss-manager binary of Shadowsocks-libev 3.3.2. Specially crafted network packets sent to ss-manager can cause an arbitrary binary to run, resulting in code execution and privilege escalation. An attacker can send network packets to trigger this vulnerability.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-306,CWE-306,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | backports_sle | 15.0 |
| opensuse | leap | 15.1 |
| shadowsocks | shadowsocks-libev | 3.3.2 |
ShadowsocksX-NG 1.10.0 signs with com.apple.security.get-task-allow entitlements because of CODE_SIGNING_INJECT_BASE_ENTITLEMENTS.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| shadowsocks | shadowsocksx-ng | 1.10.0 |