Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2014-0160 PoC — OpenSSL 缓冲区错误漏洞

Source
https://github.com/hreese/heartbleed-dtls
Associated Vulnerability
Title:OpenSSL 缓冲区错误漏洞 (CVE-2014-0160)
Description:OpenSSL是OpenSSL团队开发的一个开源的能够实现安全套接层(SSL v2/v3)和安全传输层(TLS v1)协议的通用加密库,它支持多种加密算法,包括对称密码、哈希算法、安全散列算法等。 OpenSSL的TLS和DTLS实现过程中的d1_both.c和t1_lib.c文件中存在安全漏洞,该漏洞源于当处理Heartbeat Extension数据包时,缺少边界检查。远程攻击者可借助特制的数据包利用该漏洞读取服务器内存中的敏感信息(如用户名、密码、Cookie、私钥等)。以下版本的OpenSSL受到
Description
POC for CVE-2014-0160 (Heartbleed) for DTLS
Readme
# heartbleed-dtls-test

POC for CVE-2014-0160 (Heartbleed) for DTLS.

## License

This code is licensed uder the BSD 3-Clause License (file LICENSE), which is 99% identical to
Go's license (file LICENSE.golang). Given that large parts of this code are
copied/inspired by golang's tls code, both license files are included to adhere
to golang's license.
File Snapshot

 [4.0K]  /data/pocs/716b8d0b29d4418d1cdcb1aeb424392b405c5be5
├── [4.0K]  dtls-heartbleed-test
│   └── [2.7K]  main.go
├── [4.0K]  exploit
│   └── [1.2K]  exploit.go
├── [4.0K]  handshake
│   ├── [1.9K]  common.go
│   ├── [5.8K]  dtlsClientHelloMsg.go
│   ├── [2.3K]  dtlsClientHelloMsg_test.go
│   ├── [2.1K]  dtlsHandshake.go
│   ├── [2.0K]  dtlsHandshake_test.go
│   ├── [1.2K]  dtlsHelloVerifyMsg.go
│   ├── [2.0K]  dtlsRecord.go
│   ├── [2.1K]  dtlsRecord_test.go
│   ├── [ 520]  dtls_test.go
│   └── [1.6K]  util.go
├── [1.5K]  LICENSE
├── [1.4K]  LICENSE.golang
├── [ 353]  README.md
└── [4.0K]  tests
    ├── [  40]  ca.tmpl
    ├── [ 464]  dtls_lo_gnutls_ClientHello_only.pcapng
    ├── [4.1K]  dtls_lo_gnutls_to_openssl.pcapng
    ├── [3.8K]  dtls_lo_openssl_to_openssl_no_session_ticket.pcapng
    ├── [3.9K]  dtls_lo_openssl_to_openssl.pcapng
    ├── [2.8M]  openssl_vuln
    ├── [ 112]  server.tmpl
    ├── [ 101]  start_dtls_gnutls_client.sh
    ├── [ 179]  start_dtls_gnutls_server.sh
    ├── [ 126]  start_dtls_openssl_client.sh
    ├── [ 170]  start_dtls_openssl_server.sh
    ├── [ 20K]  tls_lo_exploit_to_openssl.pcapng
    ├── [6.6K]  x509-ca-key.pem
    ├── [1.2K]  x509-ca.pem
    ├── [6.6K]  x509-server-key.pem
    └── [1.3K]  x509-server.pem

4 directories, 31 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.