mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-07 11:06:19 +00:00
25 lines
1.4 KiB
Markdown
25 lines
1.4 KiB
Markdown
|
### [CVE-2015-0209](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0209)
|
||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
### Description
|
||
|
|
|
||
|
|
Use-after-free vulnerability in the d2i_ECPrivateKey function in crypto/ec/ec_asn1.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a malformed Elliptic Curve (EC) private-key file that is improperly handled during import.
|
||
|
|
|
||
|
|
### POC
|
||
|
|
|
||
|
|
#### Reference
|
||
|
|
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
|
||
|
|
- http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
|
||
|
|
- http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
|
||
|
|
- http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
|
||
|
|
- http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
|
||
|
|
- http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
|
||
|
|
|
||
|
|
#### Github
|
||
|
|
- https://github.com/ARPSyndicate/cvemon
|
||
|
|
- https://github.com/Live-Hack-CVE/CVE-2015-0209
|
||
|
|
- https://github.com/chnzzh/OpenSSL-CVE-lib
|
||
|
|
|