Demonstration of Go's dsa.Verify bug (CVE-2019-17596)# Exploiting `dsa.Verify` in Go (CVE-2019-17596)
Please see the [associated blog post for details](https://paul.querna.org/articles/2019/10/24/dsa-verify-poc/).
# Running
Since versions of Go newer than 1.13.1 are patched, I;ve included a [Dockerfile](./Dockerfile), that makes it easier to pin your Go version. Simply run Docker build:
```
docker build .
```
There are two files of interest:
- [`dsa_test.go`](./dsa_test.go): Contains a test case for causing `dsa.Verify` to panic/
- [`ssh_test.go`](./ssh_test.go): Contains a test case for making an `crypto/ssh.Client` to panic via an evil SSH Host Key.
## Improvements, bugs, adding feature, etc:
Please [open issues in Github](https://github.com/pquerna/poc-dsa-verify-CVE-2019-17596/issues) for ideas, bugs, and general thoughts. Pull requests are of course preferred :)
## License
`poc-dsa-verify-CVE-2019-17596` is licensed under the [Apache License, Version 2.0](./LICENSE)
[4.0K] /data/pocs/279bef283cfdc19f21d719f45a3464bf20888c74
├── [ 180] Dockerfile
├── [ 719] dsa_test.go
├── [ 466] go.mod
├── [2.5K] go.sum
├── [ 11K] LICENSE
├── [ 148] NOTICE
├── [ 944] README.md
├── [2.7K] shared_test.go
├── [1.3K] ssh_test.go
└── [ 160] test.sh
0 directories, 10 files