ET EXPLOIT Possible OpenSSL Punycode Email Address Buffer Overflow Attempt Inbound (CVE-2022-3602)

SID: 2039618Rev: 10 viewsHistory

Sourceet/open

CreatedNovember 1, 2022

UpdatedNovember 2, 2022

Classificationattempted-admin

alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT Possible OpenSSL Punycode Email Address Buffer Overflow Attempt Inbound (CVE-2022-3602)"; flow:established,to_client; tls.certs; content:"|06 03 55 1d 1e|"; content:"xn--"; fast_pattern; within:30; byte_test:2,>,513,-6,relative; reference:url,www.openssl.org/news/secadv/20221101.txt; reference:cve,2022-3602; classtype:attempted-admin; sid:2039618; rev:1; metadata:attack_target Server, created_at 2022_11_01, cve CVE_2022_3602, deployment Perimeter, performance_impact Significant, confidence Low, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2022_11_02;)

References

url	www.openssl.org/news/secadv/20221101.txt
cve	2022-3602

Metadata

attack targetServer

created at2022_11_01

cveCVE-2022-3602

deploymentPerimeter

performance impactSignificant

confidenceLow

signature severityMajor

tagDescription_Generated_By_Proofpoint_Nexus

updated at2022_11_02

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!