High severity7.8NVD Advisory· Published Oct 27, 2017· Updated May 13, 2026
CVE-2017-15924
CVE-2017-15924
Description
In manager.c in ss-manager in shadowsocks-libev 3.1.0, improper parsing allows command injection via shell metacharacters in a JSON configuration request received via 127.0.0.1 UDP traffic, related to the add_server, build_config, and construct_command_line functions.
Affected products
71cpe:2.3:a:shadowsocks:shadowsocks-libev:1.3:*:*:*:*:*:*:*+ 69 more
- cpe:2.3:a:shadowsocks:shadowsocks-libev:1.3:*:*:*:*:*:*:*
- cpe:2.3:a:shadowsocks:shadowsocks-libev:1.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:shadowsocks:shadowsocks-libev:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:shadowsocks:shadowsocks-libev:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:shadowsocks:shadowsocks-libev:1.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:shadowsocks:shadowsocks-libev:1.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:shadowsocks:shadowsocks-libev:1.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:shadowsocks:shadowsocks-libev:1.4.5:*:*:*:*:*:*:*
- cpe:2.3:a:shadowsocks:shadowsocks-libev:1.4.6:*:*:*:*:*:*:*
- cpe:2.3:a:shadowsocks:shadowsocks-libev:1.4.7:*:*:*:*:*:*:*
- cpe:2.3:a:shadowsocks:shadowsocks-libev:1.4.8:*:*:*:*:*:*:*
- cpe:2.3:a:shadowsocks:shadowsocks-libev:1.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:shadowsocks:shadowsocks-libev:1.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:shadowsocks:shadowsocks-libev:1.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:shadowsocks:shadowsocks-libev:1.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:shadowsocks:shadowsocks-libev:1.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:shadowsocks:shadowsocks-libev:1.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:shadowsocks:shadowsocks-libev:1.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:shadowsocks:shadowsocks-libev:1.6.4:*:*:*:*:*:*:*
- cpe:2.3:a:shadowsocks:shadowsocks-libev:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:shadowsocks:shadowsocks-libev:2.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:shadowsocks:shadowsocks-libev:2.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:shadowsocks:shadowsocks-libev:2.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:shadowsocks:shadowsocks-libev:2.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:shadowsocks:shadowsocks-libev:3.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:shadowsocks:shadowsocks-libev:3.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:shadowsocks:shadowsocks-libev:3.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:shadowsocks:shadowsocks-libev:3.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:shadowsocks:shadowsocks-libev:3.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:shadowsocks:shadowsocks-libev:3.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:shadowsocks:shadowsocks-libev:3.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:shadowsocks:shadowsocks-libev:2.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:shadowsocks:shadowsocks-libev:2.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:shadowsocks:shadowsocks-libev:2.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:shadowsocks:shadowsocks-libev:2.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:shadowsocks:shadowsocks-libev:2.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:shadowsocks:shadowsocks-libev:2.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:shadowsocks:shadowsocks-libev:2.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:shadowsocks:shadowsocks-libev:2.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:shadowsocks:shadowsocks-libev:2.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:shadowsocks:shadowsocks-libev:2.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:shadowsocks:shadowsocks-libev:2.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:shadowsocks:shadowsocks-libev:2.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:shadowsocks:shadowsocks-libev:2.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:shadowsocks:shadowsocks-libev:2.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:shadowsocks:shadowsocks-libev:2.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:shadowsocks:shadowsocks-libev:2.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:shadowsocks:shadowsocks-libev:2.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:shadowsocks:shadowsocks-libev:2.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:shadowsocks:shadowsocks-libev:2.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:shadowsocks:shadowsocks-libev:2.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:shadowsocks:shadowsocks-libev:2.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:shadowsocks:shadowsocks-libev:2.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:shadowsocks:shadowsocks-libev:2.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:shadowsocks:shadowsocks-libev:2.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:shadowsocks:shadowsocks-libev:2.4.5:*:*:*:*:*:*:*
- cpe:2.3:a:shadowsocks:shadowsocks-libev:2.4.6:*:*:*:*:*:*:*
- cpe:2.3:a:shadowsocks:shadowsocks-libev:2.4.7:*:*:*:*:*:*:*
- cpe:2.3:a:shadowsocks:shadowsocks-libev:2.4.8:*:*:*:*:*:*:*
- cpe:2.3:a:shadowsocks:shadowsocks-libev:2.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:shadowsocks:shadowsocks-libev:2.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:shadowsocks:shadowsocks-libev:2.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:shadowsocks:shadowsocks-libev:2.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:shadowsocks:shadowsocks-libev:2.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:shadowsocks:shadowsocks-libev:2.5.5:*:*:*:*:*:*:*
- cpe:2.3:a:shadowsocks:shadowsocks-libev:2.5.6:*:*:*:*:*:*:*
- cpe:2.3:a:shadowsocks:shadowsocks-libev:2.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:shadowsocks:shadowsocks-libev:3.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:shadowsocks:shadowsocks-libev:3.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:shadowsocks:shadowsocks-libev:3.1.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:9.2:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5- www.x41-dsec.de/lab/advisories/x41-2017-010-shadowsocks-libev/nvdExploitThird Party Advisory
- openwall.com/lists/oss-security/2017/10/13/2nvdMailing ListThird Party Advisory
- www.debian.org/security/2017/dsa-4009nvdThird Party Advisory
- github.com/shadowsocks/shadowsocks-libev/commit/c67d275803dc6ea22c558d06b1f7ba9f94cd8de3nvdThird Party Advisory
- github.com/shadowsocks/shadowsocks-libev/issues/1734nvdThird Party Advisory
News mentions
0No linked articles in our index yet.