CVE-2021-3345 PoC — Libgcrypt buffer error vulnerability

Source
Associated Vulnerability
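Title: Libgcrypt buffer error vulnerability (CVE-2021-3345)
Description: Libgcrypt is a general-purpose cryptographic library developed by the GNU Project and based on GnuPG code. The library implements a range of cryptographic algorithms, including symmetric ciphers, hash algorithms, and public-key algorithms. Libgcrypt before 1.9.1 has a buffer error vulnerability: a heap-based buffer overflow occurs in _gcry_md_block_write in cipher/hash-common.c when the digest final function sets a large count value.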
Description
POC exploit of CVE-2021-3345, a vulnerability in libgcrypt version 1.9.0
Readme
# CVE-2021-3345

#### How to build vulnerable libgcrypt
``` 
git clone --single-branch --branch LIBGCRYPT-1.9-BRANCH https://dev.gnupg.org/source/libgcrypt.git
cd libgcrypt
git checkout aa3f595341eb
./autogen.sh
./configure --enable-maintainer-mode && make
```
#### How to use exploit
```
make
./main
```

This vulnerability is not really interesting, because most distros use an older version of libgcrypt, so they are not vulnerable. There is a possibility this can be reproduced on other software that uses libgcrypt as a dependency.
File Snapshot

```
[4.0K] /data/pocs/7ebfdbf30c674122d063f02abce3ab97152cc911
├── [1.0K] LICENSE
├── [2.6K] main.c
├── [ 376] Makefile
└── [ 535] README.md

0 directories, 4 files
```