Missing Authentication for Critical Function Affecting shadowsocks-libev package, versions <3.3.3+ds-2
- Snyk ID SNYK-DEBIAN11-SHADOWSOCKSLIBEV-536396
- published 2 Dec 2019
- disclosed 3 Dec 2019
Introduced: 2 Dec 2019
CVE-2019-5163
How to fix?
Upgrade Debian:11 shadowsocks-libev to version 3.3.3+ds-2 or higher.
NVD Description
Note: Versions mentioned in the description apply only to the upstream shadowsocks-libev package and not the shadowsocks-libev package as distributed by Debian.
See How to fix? for Debian:11 relevant fixed versions and status.
An exploitable denial-of-service vulnerability exists in the UDPRelay functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher and a local_address, arbitrary UDP packets can cause a FATAL error code path and exit. An attacker can send arbitrary UDP packets to trigger this vulnerability.