http://bugzilla.opensuse.org/show_bug.cgi?id=1158365 Bug ID: 1158365 Summary: VUL-0: CVE-2019-5164: code execution vulnerability in the ss-manager binary of Shadowsocks-libev 3.3.2 Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.0 Hardware: Other URL: https://smash.suse.de/issue/248330/ OS: Other Status: NEW Severity: Minor Priority: P5 - None Component: Security Assignee: hillwoodroc@gmail.com Reporter: rfrohl@suse.com QA Contact: security-team@suse.de Found By: Security Response Team Blocker: --- CVE-2019-5164 An exploitable code execution vulnerability exists in the ss-manager binary of Shadowsocks-libev 3.3.2. Specially crafted network packets sent to ss-manager can cause an arbitrary binary to run, resulting in code execution and privilege escalation. An attacker can send network packets to trigger this vulnerability. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-5164 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5164 https://talosintelligence.com/vulnerability_reports/TALOS-2019-0958 -- You are receiving this mail because: You are on the CC list for the bug.