{"uuid": "a3ccb801-0a52-498d-9ec4-45a3289988a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-3786", "type": "seen", "source": "https://t.me/WARLOCK_DARK_ARMY_OFFICIALS/561", "content": "CVE-2022-3602\n\nThis document and repository is a write-up of CVE-2022-3602, a punycode buffer overflow issue in OpenSSL. It's an \"anti-POC\" (the issue does not appear to be exploitable) intended for folks who maintain their own OpenSSL builds and for compiler maintainers.\n\nThere is a separate CVE in the same release, CVE-2022-3786, which also leads to buffer overflows but an attacker can't control the content in that case. There is no reproduction for that issue here, but that issue can lead to a Denial of Service due to a crash.\n\nCrashes and buffer overflows are never good and if you are using OpenSSL 3.0.x, it is prudent to update as soon as possible.\n\nhttps://github.com/colmmacc/CVE-2022-3602\n\n#cve #poc", "creation_timestamp": "2022-11-02T12:14:42.000000Z"}