first commit

openssl/CVE-2022-0778/README.md

@@ -0,0 +1,49 @@
+# OpenSSL Infinite Loop Leads to DoS (CVE-2022-0778)
+
+[中文版本(Chinese version)](README.zh-cn.md)
+
+OpenSSL is a software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end.
+
+A flaw was found in OpenSSL. It is possible to trigger an infinite loop by crafting a certificate that has invalid elliptic curve parameters. Since certificate parsing happens before verification of the certificate signature, any process that parses an externally supplied certificate may be subject to a denial of service attack.
+
+Reference links:
+
+- <https://github.com/drago-96/CVE-2022-0778>
+- <https://www.cnblogs.com/logchen/p/16030515.html>
+- <https://catbro666.github.io/posts/83951100/>
+- <https://github.com/yywing/cve-2022-0778>
+
+## Vulnerability environment
+
+Execute following command to start a server:
+
+```
+docker compose up -d
+```
+
+## Reproduce vulnerability
+
+Firstly, use [this project](https://github.com/vulhub/cve-2022-0778) to build and run an evil server. If you don't have the Golang compiler, just use the Docker image:
+
+```
+docker run -it --rm -p 12345:12345 yywing/cve-2022-0778 --addr 0.0.0.0:12345
+```
+
+Then you can monitor the CPU usage inside the container through `top`:
+
+```
+docker compose exec curl top
+```
+
+This vulnerability is available when parsing the certificate, so we can use the cURL to demonstrate it.
+
+Entry the environment, and use the cURL to browse the evil server that started before:
+
+```
+docker compose exec curl bash
+curl -k https://host.docker.internal:12345
+```
+
+At this point, cURL will be caught in an infinite loop, and CPU resources will be exhausted unexpectedly:
+
+![](1.png)

openssl/CVE-2022-0778/README.zh-cn.md

@@ -0,0 +1,45 @@
+# OpenSSL无限循环DOS漏洞（CVE-2022-0778）
+
+OpenSSL是一个开放源代码的软件库包，应用程序可以使用这个包来进行安全通信，避免窃听，同时确认另一端连接者的身份。这个包广泛被应用在互联网的网页服务器上。
+
+OpenSSL 1.1.1m 版本及以前存在一处逻辑缺陷，攻击者可以利用一个无效的椭圆曲线参数证书，触发一个无限循环导致耗尽目标CPU。由于证书解析发生在验证证书签名之前，任何解析外部提供的证书的进程都可能受到拒绝服务的攻击。
+
+参考链接：
+
+- <https://github.com/drago-96/CVE-2022-0778>
+- <https://www.cnblogs.com/logchen/p/16030515.html>
+- <https://catbro666.github.io/posts/83951100/>
+- <https://github.com/yywing/cve-2022-0778>
+
+## 漏洞环境
+
+执行如下命令启动一个server：
+
+```
+docker compose up -d
+```
+
+## 漏洞复现
+
+首先，使用[这个项目](https://github.com/vulhub/cve-2022-0778)中的代码编译并运行一个恶意服务器。如果你没有Golang相关编译环境，也可以直接使用如下Docker命令启动：
+
+```
+docker run -it --rm -p 12345:12345 yywing/cve-2022-0778 --addr 0.0.0.0:12345
+```
+
+然后，你可以在Vulhub环境中使用`top`命令来查看此时的CPU占用：
+
+```
+docker compose exec curl top
+```
+
+由于这个漏洞是发生在解析TLS证书时，所以我们可以使用cURL来复现这个漏洞。进入容器，并执行cURL命令访问前面启动的恶意服务器：
+
+```
+docker compose exec curl bash
+curl -k https://host.docker.internal:12345
+```
+
+此时，cURL会陷入死循环，查看`top`中的CPU占用即可发现已经100%：
+
+![](1.png)

openssl/CVE-2022-0778/docker-compose.yml

@@ -0,0 +1,5 @@
+version: '2'
+services:
+  curl:
+    image: vulhub/openssl:1.1.1m-with-curl
+    command: sleep infinity