admin/Awesome-POC
1
0
Fork 0
mirror of https://github.com/Threekiii/Awesome-POC.git synced 2025-11-07 20:06:03 +00:00
Code Issues Packages Projects Releases Wiki Activity
Awesome-POC/开发语言漏洞/GO TLS握手 崩溃漏洞 CVE-2021-34558.md
Threekiii cba0c4db58 更新漏洞
2022-12-05 11:09:28 +08:00

631 B
Raw Blame History

GO TLS握手 崩溃漏洞 CVE-2021-34558

漏洞描述

There is a minor modification to ./vendor/github.com/refraction-networking/utls/handshake_server.go to enable the malicious handshake to be sent with a mismatching certificate/cipher.

漏洞影响

Go Version < (1.16.6+)

漏洞复现

image-20220520131711402

将会生成 https 服务,此时当版本较低时就会产生崩溃,例如部分扫描器对目标进行扫描时

image-20220520131729852