
CVE-2022-21907 PoC — Microsoft Windows Security Vulnerability

Source
Associated Vulnerability
Title: Microsoft Windows Security Vulnerability (CVE-2022-21907)
Description: Microsoft Windows is an operating system for personal devices developed by Microsoft Corporation of the United States. The Microsoft Windows HTTP Protocol Stack contains a security vulnerability. The following products and versions are affected: Windows 10 Version 1809 for 32-bit Systems, Windows 10 Version 1809 for x64-based Systems, Windows 10 Version 1809 for ARM64-based Systems, Windows Ser
Description
Multithread Golang application
Readme
# CVE-2022-21907 Golang Application by 1vere$k

CVE-2022-21907 - Double Free in http.sys driver.

## Summary
This is a multithreaded Golang application which allows making requests against several targets simultaneously.  
It is not very productive with POST requests, but it provides nearly a 30% speed gain compared to a linear method.  
An unauthenticated attacker can send an HTTP request whose "Accept-Encoding" header triggers a double free in the unknown-coding list that the HTTP Protocol Stack (http.sys) uses to process packets, resulting in a kernel crash.

## Usage

**Golang**:
```
1. git clone https://github.com/iveresk/cve-2022-21907.git
2. cd cve-2022-21907
3. go build -o cve-2022-21907 cve-2022-21907.go
4. chmod +x cve-2022-21907
5. ./cve-2022-21907 -t <targetURL> [or <targetFile>]
```

**Docker Building Local**:
```
1. git clone https://github.com/iveresk/cve-2022-21907.git
2. cd cve-2022-21907
3. nano input.txt [input here your target's IPs in the list]
4. docker build -t <tagName> . || docker build --build-arg INPUT_FILE=<default_target_filename> -t <tagName> . 
[In Docker there is a default file named as "input.txt", but you may specify your own one]
5. docker run -it <tagName> || docker run -it -e INPUT_FILE=<target_filename> <tagName>
```

**Docker Repository**
```
docker pull masterrooot/cve-2022-21907:latest
docker run -it <tagName> || docker run -it -e INPUT_FILE=<target_filename> <tagName>
```

## Vulnerable systems

- Windows Server 2019 and Windows 10 version 1809: not vulnerable by default, unless HTTP Trailer Support has been enabled.
- Windows 10 version 2004 (build 19041.450): vulnerable.
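The exposure condition above (HTTP Trailer Support switched on for 1809 / Server 2019, any build from 2004 on) can be read off a host locally. The following PowerShell check is an added example for defenders and is not part of the cve-2022-21907 repository. It assumes that the registry value `EnableTrailerSupport` under the HTTP service's `Parameters` key is the trailer-support switch named in Microsoft's workaround for this CVE, and that OS build 17763 corresponds to Windows 10 1809 / Windows Server 2019; the function name is my own.

```powershell
# Added check, not part of the cve-2022-21907 project.
# Reports whether this host matches the exposure conditions for CVE-2022-21907:
# trailer support enabled on build 17763 (1809 / Server 2019), or a later build
# running HTTP.sys. Assumed: EnableTrailerSupport is the value named in
# Microsoft's workaround; 17763 is the 1809 / Server 2019 build number.
function Get-Cve202221907Exposure {
    $paramsKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\HTTP\Parameters'
    $build     = [System.Environment]::OSVersion.Version.Build

    # A missing value means trailer support is off (the default on 1809 / 2019).
    $trailer = $null
    if (Test-Path $paramsKey) {
        $trailer = (Get-ItemProperty -Path $paramsKey -Name 'EnableTrailerSupport' `
                    -ErrorAction SilentlyContinue).EnableTrailerSupport
    }

    # HTTP.sys is a kernel driver, so query Win32_SystemDriver rather than Get-Service.
    $driver     = Get-CimInstance -ClassName Win32_SystemDriver -Filter "Name='HTTP'"
    $httpLoaded = ($null -ne $driver) -and ($driver.State -eq 'Running')

    $status = if (-not $httpLoaded) {
        'HTTP.sys not running: no http.sys listener to reach'
    } elseif ($build -eq 17763 -and $trailer -eq 1) {
        'trailer support enabled on 1809/2019: remove the value and install the vendor fix'
    } elseif ($build -eq 17763) {
        'trailer support off: not exposed by default, still install the vendor fix'
    } elseif ($build -ge 19041) {
        'exposed unless the vendor fix for CVE-2022-21907 is installed'
    } else {
        'build not covered by this check'
    }

    [pscustomobject]@{
        OSBuild              = $build
        HttpDriverRunning    = $httpLoaded
        EnableTrailerSupport = if ($null -eq $trailer) { 'not set' } else { $trailer }
        Status               = $status
    }
}

Get-Cve202221907Exposure | Format-List
```

Run it in an elevated session on each web-facing Windows host; the `Status` field tells you whether the host is in the "exposed by default" or the "exposed only because trailer support was turned on" group, which is the distinction the list above draws. The script only reads state and does not change the registry.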

## Contact
You are free to contact me via [Keybase](https://keybase.io/1veresk) for any details. 
File Snapshot

```
[4.0K] /data/pocs/56979808073b99a9b9d3572a1ae6caadbcaf6e73
├── [1.4K] cve-2022-21907.go
├── [ 486] Dockerfile
├── [4.0K] exploit
│   └── [1.8K] exploit.go
├── [ 31] go.mod
├── [1.0K] LICENSE
├── [1.7K] README.md
└── [ 104] vm-setup.sh

1 directory, 7 files
```