Dive into a comprehensive vulnerability analysis video that demonstrates how to replicate the OpenSSL vulnerabilities CVE-2022-3602 and CVE-2022-3786. Follow along as the process unfolds, starting with an examination of the fixed code and progressing through cloning the OpenSSL repository, compiling different versions, and running test cases. Learn how to obtain the vulnerable version of OpenSSL, transfer test cases between versions, and use libfuzzer to identify vulnerabilities. Gain valuable insights into these specific CVEs and broader vulnerability testing techniques, making this an essential resource for security professionals, developers, and anyone interested in understanding and mitigating OpenSSL vulnerabilities.
Replicating OpenSSL Vulnerabilities CVE-2022-3602 and CVE-2022-3786 - How-to Guide
Fuzzing_in - Hardik Shah via YouTube
Overview
Syllabus
introduction
Looking at the fixed code
Cloning OpenSSL Repo and looking at the code
Compiling OpenSSL-3.0.7 version
Running test case binary
Getting vulnerable version of OpenSSL
Copying test cases for CVEs from openssl-3.0.7 to openssl-3.0.6
compiling OpenSSL-3.0.6 version
Running test cases and replicating vulnerabilities
using libfuzzer to find the vulnerability
Conclusion
Taught by
Fuzzing_in - Hardik Shah
