Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2019-5152

Date: December 18, 2019

An exploitable information disclosure vulnerability exists in the network packet handling functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher, a specially crafted set of network packets can cause an outbound connection from the server, resulting in information disclosure. An attacker can send arbitrary packets to trigger this vulnerability.

Severity Score

Related Resources (5)

https://people.canonical.com/~ubuntu-security/cve/CVE-2019-5152
https://talosintelligence.com/vulnerability_reports/TALOS-2019-0942
https://nvd.nist.gov/vuln/detail/CVE-2019-5152
https://security-tracker.debian.org/tracker/CVE-2019-5152
https://www.mend.io/vulnerability-database/CVE-2019-5152

Severity Score

Weakness Type (CWE)

Missing Authentication for Critical Function

CWE-306

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): HIGH
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): HIGH
Integrity (I): HIGH
Availability (A): NONE

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): MEDIUM
Authentication (AU): NONE
Confidentiality (C): PARTIAL
Integrity (I): PARTIAL
Availability (A): NONE
Additional information:

Do you need more information?

Contact Us