WRITEUP

WRITEUP

Exploit for CVE-2025-15468 - Openssl < 3.3.6 - NULL Pointer Dereference

AI Analysis

This patch addresses CVE-2025-15468 by adding a NULL guard in the `ossl_quic_get_cipher_by_char()` function to prevent dereferencing a NULL `SSL_CIPHER` pointer. The vulnerability likely leads to a crash or undefined behavior due to missing validation.

Attack Type

DoS

Complexity

trivial

Reliability

reliable

MITRE ATT&CK

T1499 - Endpoint Denial of Service

Loading exploit code...

Download ZIP Password: eip

Source

Platform Writeup

Type patch

Files 1

https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65

Authors

Daniel Kubec

Vulnerability

CVE-2025-15468

Openssl < 3.3.6 - NULL Pointer Dereference

MEDIUM

CVSS 5.9