UBUNTU-CVE-2019-5152

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2019-5152

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-5152.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2019-5152

Related

CVE-2019-5152

Published

2019-12-18T15:15:00Z

Modified

2025-04-23T15:10:56Z

Severity

7.4 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS Calculator

Summary

[none]

Details

An exploitable information disclosure vulnerability exists in the network packet handling functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher, a specially crafted set of network packets can cause an outbound connection from the server, resulting in information disclosure. An attacker can send arbitrary packets to trigger this vulnerability.

References

Affected packages

Ubuntu:Pro:18.04:LTS / shadowsocks-libev

Package

Name: shadowsocks-libev
Purl: pkg:deb/ubuntu/shadowsocks-libev@3.1.3+ds-1ubuntu2?arch=source&distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.0.8+ds-2

3.1.0+ds-3

3.1.0+ds-4

3.1.0+ds-5

3.1.1+ds-1

3.1.1+ds-2

3.1.1+ds-3

3.1.3+ds-1ubuntu1

3.1.3+ds-1ubuntu2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:20.04:LTS / shadowsocks-libev

Package

Name: shadowsocks-libev
Purl: pkg:deb/ubuntu/shadowsocks-libev@3.3.4+ds-2?arch=source&distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.3.1+ds-1

3.3.2+ds-1

3.3.3+ds-1

3.3.3+ds-3

3.3.4+ds-1

3.3.4+ds-1ubuntu1

3.3.4+ds-2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:22.04:LTS / shadowsocks-libev

Package

Name: shadowsocks-libev
Purl: pkg:deb/ubuntu/shadowsocks-libev@3.3.5+ds-7build1?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.3.5+ds-4

3.3.5+ds-6

3.3.5+ds-7

3.3.5+ds-7build1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.04:LTS / shadowsocks-libev

Package

Name: shadowsocks-libev
Purl: pkg:deb/ubuntu/shadowsocks-libev@3.3.5+ds-10build3?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.3.5+ds-10

3.3.5+ds-10build1

3.3.5+ds-10build2

3.3.5+ds-10build3

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:25.04 / shadowsocks-libev

Package

Name: shadowsocks-libev
Purl: pkg:deb/ubuntu/shadowsocks-libev@3.3.5+ds-16?arch=source&distro=plucky

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.3.5+ds-16

Ecosystem specific

{
    "ubuntu_priority": "medium"
}