Mirror of https://github.com/0xMarcio/cve.git, synced 2026-05-15 07:40:25 +02:00
CVE-2017-3730
Description
In OpenSSL 1.1.0 before 1.1.0d, if a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this can result in the client attempting to dereference a NULL pointer leading to a client crash. This could be exploited in a Denial of Service attack.
POC
Reference
- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- https://www.exploit-db.com/exploits/41192/
- https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
Github
- https://github.com/ARPSyndicate/cve-scores
- https://github.com/ARPSyndicate/cvemon
- https://github.com/RClueX/Hackerone-Reports
- https://github.com/akaganeite/CVE4PP
- https://github.com/chnzzh/OpenSSL-CVE-lib
- https://github.com/guidovranken/CVE-2017-3730
- https://github.com/imhunterand/hackerone-publicy-disclosed
- https://github.com/olivierh59500/CVE-2017-3730
- https://github.com/pankajkryadav/Hacktivity