CVE-2021-24086
This is a proof of concept for CVE-2021-24086 ("Windows TCP/IP Denial of Service Vulnerability "), a NULL dereference in tcpip.sys patched by Microsoft in February 2021. According to this tweet, the vulnerability has been found by @piazzt. It is triggerable remotely by sending malicious UDP packet over IPv6.
You can read Microsoft's blog here: Multiple Security Updates Affecting TCP/IP: CVE-2021-24074, CVE-2021-24094, and CVE-2021-24086. It discusses briefly the impact and workaround/mitigations.
A more in-depth discussion about the root-cause is available on doar-e.github.io: Reverse-engineering tcpip.sys: mechanics of a packet of the death (CVE-2021-24086).
Running the PoC
Run the cve-2021-24086.py script; it requires Scapy:
[email protected]:~$ sudo python3 cve-2021-24086.py
66 fragments, total size 0xfff8
..................................................................
Sent 66 packets.
.
Sent 1 packets.
Authors
- Axel '@0vercl0k' Souchet
580 Jan 09, 2023
1 Dec 22, 2021
10 Sep 25, 2022
1.6k Dec 30, 2022
5 Mar 10, 2022
37 Dec 06, 2022
1.2k Dec 28, 2022
31 Dec 19, 2022
1.9k Jan 01, 2023
153 Dec 20, 2022
11 Sep 10, 2022
[email protected]">
388 Dec 27, 2022
3 Dec 30, 2021
3 Jan 26, 2022
23 Jul 05, 2022
10 Apr 15, 2022
6 Aug 04, 2022
16 Nov 15, 2022
81 Dec 23, 2022
25 Nov 09, 2022