alert tcp any any -> [$HOME_NET,$HTTP_SERVERS] any (msg:"ET EXPLOIT Possible OpenSSL Infinite Loop Inducing Cert Inbound via TCP (CVE-2022-0778)"; flow:established,to_server; content:"|30 82|"; content:"|30 0a 06 08 2a 86 48 ce 3d 04 03|"; distance:0; content:"|2a 86 48 ce 3d 01 01 02 02 02 b9|"; distance:0; fast_pattern; content:"|20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 17|"; within:36; content:"|20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00|"; within:36; content:"|04 03|"; distance:23; within:2; content:"|00 08|"; distance:1; within:2; reference:url,www.rtcsec.com/article/exploiting-cve-2022-0778-in-openssl-vs-webrtc-platforms/; reference:url,github.com/drago-96/CVE-2022-0778/; reference:cve,2022-0778; classtype:denial-of-service; sid:2035887; rev:2; metadata:affected_product OpenSSL, attack_target Server, created_at 2022_04_11, cve CVE_2022_0778, deployment Perimeter, deployment Internal, performance_impact Low, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2022_04_11;)