mirror of
https://github.com/0xMarcio/cve.git
synced 2025-11-30 18:56:19 +00:00
976 B
976 B
CVE-2019-10013
Description
The asn1_signature function in asn1.c in Cameron Hamilton-Rich axTLS through 2.1.5 has a Buffer Overflow that allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted certificate in the TLS certificate handshake message, because the result of get_asn1_length() is not checked for a minimum or maximum size.
POC
Reference
- http://packetstormsecurity.com/files/155500/axTLS-2.1.5-Denial-Of-Service.html
- https://www.telekom.com/en/corporate-responsibility/data-protection-data-security/security/details/advisories-504842
Github
No PoCs found on GitHub currently.