{"id":"UBUNTU-CVE-2019-5164","details":"An exploitable code execution vulnerability exists in the ss-manager binary of Shadowsocks-libev 3.3.2. Specially crafted network packets sent to ss-manager can cause an arbitrary binary to run, resulting in code execution and privilege escalation. An attacker can send network packets to trigger this vulnerability.","modified":"2026-04-22T13:47:41.996283Z","published":"2019-12-03T22:15:00Z","upstream":["CVE-2019-5164"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2019-5164"},{"type":"REPORT","url":"https://talosintelligence.com/vulnerability_reports/TALOS-2019-0958"},{"type":"REPORT","url":"https://github.com/shadowsocks/shadowsocks-libev/issues/2537"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2019-5164"}],"affected":[{"package":{"name":"shadowsocks-libev","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/shadowsocks-libev@3.1.3+ds-1ubuntu2?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["3.0.8+ds-2","3.1.0+ds-3","3.1.0+ds-4","3.1.0+ds-5","3.1.1+ds-1","3.1.1+ds-2","3.1.1+ds-3","3.1.3+ds-1ubuntu1","3.1.3+ds-1ubuntu2"],"ecosystem_specific":{"binaries":[{"binary_name":"libshadowsocks-libev2","binary_version":"3.1.3+ds-1ubuntu2"},{"binary_name":"shadowsocks-libev","binary_version":"3.1.3+ds-1ubuntu2"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-5164.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]}