CVEs-PoC/2015/CVE-2015-0293.md

CVE-2015-0293

Description

The SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (s2_lib.c assertion failure and daemon exit) via a crafted CLIENT-MASTER-KEY message.

POC

Reference

• http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
• http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
• http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
• http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
• http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
• http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
• http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
• http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
• http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
• http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
• http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
• http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
• http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
• http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
• http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
• http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

Github

• https://github.com/ARPSyndicate/cvemon
• https://github.com/Ananya-0306/vuln-finder
• https://github.com/Live-Hack-CVE/CVE-2015-0293
• https://github.com/chnzzh/OpenSSL-CVE-lib
• https://github.com/cve-search/git-vuln-finder