CVEs-PoC/2014/CVE-2014-3572.md at 8e2ebbf9bd04edab52d0cbcbc6c2f6e2cfdaa67d

mirror of https://github.com/0xMarcio/cve.git synced 2026-03-05 22:50:56 +00:00

Files

0xMarcio 48a00929ac Removed duplicates

2024-06-18 02:51:15 +02:00

Description

The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message.

POC

Reference

http://www.mandriva.com/security/advisories?name=MDVSA-2015:019
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html

Github

https://github.com/ARPSyndicate/cvemon
https://github.com/chnzzh/OpenSSL-CVE-lib
https://github.com/neominds/JPN_RIC13351-2

1.3 KiB Raw Blame History

CVE-2014-3572

Description

POC

Reference

Github

1.3 KiB

Raw Blame History