CVE-2024-45337 PoC — Golang Go crypto 安全漏洞

Source

https://github.com/NHAS/CVE-2024-45337-POC

Associated Vulnerability

Title:Golang Go crypto 安全漏洞 (CVE-2024-45337)
Description:Golang Go crypto是Golang社区的一款基于 Go 语言的加密代码库。 Golang Go crypto存在安全漏洞，该漏洞源于容易受到授权绕过的影响。

Description

Proof of concept (POC) for CVE-2024-45337

Readme

# CVE-2024-45337-POC
Proof of concept (POC) for CVE-2024-45337 

## Build
```sh
go version
# go version go1.23.2 linux/amd64
go build
```

## Usage
```sh
Usage of ./CVE-2024-45337-POC:
  -addr string
        Address of ssh server (default "127.0.0.1:2222")
  -authorised-pubkey string
        The allowed pubkey that will pass verification (Must be pub key) (default "id_ed25519.pub")
```

## Something to exploit
I've written a dummy project that you can try this against.

github.com/NHAS/VULNERABLE-CVE-2024-45337

File Snapshot


 [4.0K]  /data/pocs/5ac1594493c69f60e0fcf074d92c0b402b95b036
├── [ 212]  go.mod
├── [1.0K]  go.sum
├── [2.2K]  main.go
└── [ 516]  README.md

0 directories, 4 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!