mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-06 02:31:38 +00:00
24 lines
1.2 KiB
Markdown
24 lines
1.2 KiB
Markdown
|
### [CVE-2015-0208](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0208)
|
||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
### Description
|
||
|
|
|
||
|
|
The ASN.1 signature-verification implementation in the rsa_item_verify function in crypto/rsa/rsa_ameth.c in OpenSSL 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted RSA PSS parameters to an endpoint that uses the certificate-verification feature.
|
||
|
|
|
||
|
|
### POC
|
||
|
|
|
||
|
|
#### Reference
|
||
|
|
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
|
||
|
|
- http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
|
||
|
|
- http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
|
||
|
|
- http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
|
||
|
|
- http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
|
||
|
|
|
||
|
|
#### Github
|
||
|
|
- https://github.com/ARPSyndicate/cvemon
|
||
|
|
- https://github.com/Live-Hack-CVE/CVE-2015-0208
|
||
|
|
- https://github.com/chnzzh/OpenSSL-CVE-lib
|
||
|
|
|