### [CVE-2015-1789](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1789)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3D%20n%2Fa%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

The X509_cmp_time function in crypto/x509/x509_vfy.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted length field in ASN1_TIME data, as demonstrated by an attack against a server that supports client authentication with a custom verification callback.

### POC

#### Reference
- http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
- http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
- http://www.securityfocus.com/bid/91787

#### Github
- https://github.com/ARPSyndicate/cvemon
- https://github.com/CAF-Extended/external_honggfuzz
- https://github.com/Corvus-AOSP/android_external_honggfuzz
- https://github.com/DennissimOS/platform_external_honggfuzz
- https://github.com/ForkLineageOS/external_honggfuzz
- https://github.com/HavocR/external_honggfuzz
- https://github.com/Live-Hack-CVE/CVE-2015-1789
- https://github.com/Ozone-OS/external_honggfuzz
- https://github.com/ProtonAOSP-platina/android_external_honggfuzz
- https://github.com/ProtonAOSP/android_external_honggfuzz
- https://github.com/StatiXOS/android_external_honggfuzz
- https://github.com/TheXPerienceProject/android_external_honggfuzz
- https://github.com/TinkerBoard-Android/external-honggfuzz
- https://github.com/TinkerBoard-Android/rockchip-android-external-honggfuzz
- https://github.com/TinkerBoard2-Android/external-honggfuzz
- https://github.com/TinkerEdgeR-Android/external_honggfuzz
- https://github.com/Tomoms/android_external_honggfuzz
- https://github.com/Wave-Project/external_honggfuzz
- https://github.com/aosp-caf-upstream/platform_external_honggfuzz
- https://github.com/aosp10-public/external_honggfuzz
- https://github.com/bananadroid/android_external_honggfuzz
- https://github.com/chnzzh/OpenSSL-CVE-lib
- https://github.com/crdroid-r/external_honggfuzz
- https://github.com/crdroidandroid/android_external_honggfuzz
- https://github.com/ep-infosec/50_google_honggfuzz
- https://github.com/google/honggfuzz
- https://github.com/imbaya2466/honggfuzz_READ
- https://github.com/jingpad-bsp/android_external_honggfuzz
- https://github.com/khadas/android_external_honggfuzz
- https://github.com/lllnx/lllnx
- https://github.com/r3p3r/nixawk-honggfuzz
- https://github.com/random-aosp-stuff/android_external_honggfuzz
- https://github.com/yaap/external_honggfuzz