April 2, 2021

147 words 1 min read

0vercl0k/CVE-2021-24086

0vercl0k/CVE-2021-24086

Proof of concept for CVE-2021-24086, a NULL dereference in tcpip.sys triggered remotely.

repo name 0vercl0k/CVE-2021-24086
repo link https://github.com/0vercl0k/CVE-2021-24086
homepage
language Python
size (curr.) 2638 kB
stars (curr.) 102
created 2021-04-07
license MIT License

CVE-2021-24086

This is a proof of concept for CVE-2021-24086 (“Windows TCP/IP Denial of Service Vulnerability “), a NULL dereference in tcpip.sys patched by Microsoft in February 2021. According to this tweet, the vulnerability has been found by @piazzt. It is triggerable remotely by sending malicious UDP packet over IPv6.

trigger

You can read Microsoft’s blog here: Multiple Security Updates Affecting TCP/IP:  CVE-2021-24074, CVE-2021-24094, and CVE-2021-24086. It discusses briefly the impact and workaround/mitigations.

A more in-depth discussion about the root-cause will follow on doar-e.github.io later.

Running the PoC

Run the cve-2021-24086.py script; it requires Scapy:

over@bubuntu:~$ sudo python3 cve-2021-24086.py
66 fragments, total size 0xfff8
..................................................................
Sent 66 packets.
.
Sent 1 packets.

Authors

comments powered by Disqus