cve/2015/CVE-2015-1789.md

CVE-2015-1789

Description

The X509_cmp_time function in crypto/x509/x509_vfy.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted length field in ASN1_TIME data, as demonstrated by an attack against a server that supports client authentication with a custom verification callback.

POC

Reference

• http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
• http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
• http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
• http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
• http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
• http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
• http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
• http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
• http://www.securityfocus.com/bid/91787
• https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888
• https://kc.mcafee.com/corporate/index?page=content&id=SB10122

Github

• https://github.com/ARPSyndicate/cvemon
• https://github.com/CAF-Extended/external_honggfuzz
• https://github.com/Corvus-AOSP/android_external_honggfuzz
• https://github.com/DennissimOS/platform_external_honggfuzz
• https://github.com/ForkLineageOS/external_honggfuzz
• https://github.com/HavocR/external_honggfuzz
• https://github.com/Live-Hack-CVE/CVE-2015-1789
• https://github.com/Ozone-OS/external_honggfuzz
• https://github.com/ProtonAOSP-platina/android_external_honggfuzz
• https://github.com/ProtonAOSP/android_external_honggfuzz
• https://github.com/Samaritin/OSINT
• https://github.com/StatiXOS/android_external_honggfuzz
• https://github.com/TheXPerienceProject/android_external_honggfuzz
• https://github.com/TinkerBoard-Android/external-honggfuzz
• https://github.com/TinkerBoard-Android/rockchip-android-external-honggfuzz
• https://github.com/TinkerBoard2-Android/external-honggfuzz
• https://github.com/TinkerEdgeR-Android/external_honggfuzz
• https://github.com/Tomoms/android_external_honggfuzz
• https://github.com/Wave-Project/external_honggfuzz
• https://github.com/aosp-caf-upstream/platform_external_honggfuzz
• https://github.com/aosp10-public/external_honggfuzz
• https://github.com/bananadroid/android_external_honggfuzz
• https://github.com/chnzzh/OpenSSL-CVE-lib
• https://github.com/crdroid-r/external_honggfuzz
• https://github.com/crdroidandroid/android_external_honggfuzz
• https://github.com/ep-infosec/50_google_honggfuzz
• https://github.com/google/honggfuzz
• https://github.com/imbaya2466/honggfuzz_READ
• https://github.com/jingpad-bsp/android_external_honggfuzz
• https://github.com/khadas/android_external_honggfuzz
• https://github.com/lllnx/lllnx
• https://github.com/r-mirror/android_external_honggfuzz
• https://github.com/r3p3r/nixawk-honggfuzz
• https://github.com/random-aosp-stuff/android_external_honggfuzz
• https://github.com/uiop7774/Honggfuzz_mod
• https://github.com/yaap/external_honggfuzz