Shadowsocks-libev 3.3.2 Missing Authentication for Critical Function Vulnerability

Summary

An exploitable denial-of-service vulnerability exists in the UDPRelay functionality of Shadowsocks-libev 3.3.2. 

Credit:

This information was provided by the vendor.

The original article can be found at: https://talosintelligence.com/vulnerability_reports/TALOS-2019-0956


Details

When a Stream Cipher and a local_address are in use, arbitrary UDP packets can trigger a FATAL error code path that causes the program to exit. An attacker can send arbitrary UDP packets to trigger this vulnerability.
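
To find deployments that match these conditions, the following added example (not part of the original advisory or of the Shadowsocks-libev project) audits a JSON config for a non-AEAD method combined with local_address and UDP relay. The AEAD method list, the "mode" values and the sample configs are assumptions made for this example.

```python
import json

# Assumption: these are the AEAD methods of shadowsocks-libev; any other
# configured method is treated here as a stream cipher.
AEAD_METHODS = {
    "aes-128-gcm", "aes-192-gcm", "aes-256-gcm",
    "chacha20-ietf-poly1305", "xchacha20-ietf-poly1305",
}
UDP_MODES = {"tcp_and_udp", "udp_only"}  # values of the "mode" config key


def audit_config(text):
    """Return findings for one shadowsocks-libev JSON config (as a string)."""
    cfg = json.loads(text)
    method = cfg.get("method")
    findings = []
    if method is None:
        findings.append("no method set: effective cipher depends on the build default")
        return findings
    stream = method.lower() not in AEAD_METHODS
    # UDP relay can also be enabled with -u / -U on the command line,
    # which a config-file audit cannot see.
    udp = cfg.get("mode", "tcp_only") in UDP_MODES
    local = bool(cfg.get("local_address"))
    if stream:
        findings.append(f"method {method!r} is not an AEAD cipher")
    if stream and local and udp:
        findings.append("stream cipher + local_address + UDP relay: "
                        "matches the conditions described for CVE-2019-5163")
    return findings


# Constructed sample configs (not taken from the advisory).
BASE = {"server": "0.0.0.0", "server_port": 8388, "password": "example",
        "local_address": "127.0.0.1"}
EXPOSED = json.dumps({**BASE, "method": "aes-256-cfb", "mode": "tcp_and_udp"})
TCP_ONLY = json.dumps({**BASE, "method": "aes-256-cfb", "mode": "tcp_only"})
AEAD = json.dumps({**BASE, "method": "chacha20-ietf-poly1305", "mode": "tcp_and_udp"})

if __name__ == "__main__":
    for name, cfg in [("EXPOSED", EXPOSED), ("TCP_ONLY", TCP_ONLY), ("AEAD", AEAD)]:
        print(name, audit_config(cfg) or "no findings")
```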

 

Vulnerable Systems:

Shadowsocks-libev 3.3.2

 

CVE Information:

CVE-2019-5163

 

Disclosure Timeline:
Published Date: 12/3/2019
