{"uuid": "b9f88f5e-f7b4-467d-bd98-d0c718f2142a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-3786", "type": "seen", "source": "https://t.me/WARLOCK_DARK_ARMY_OFFICIALS/567", "content": "CVE-2022-3602\n\nThis document and repository is a write-up of CVE-2022-3602, a punycode buffer overflow issue in OpenSSL. It's an \"anti-POC\" (the issue does not appear to be exploitable) intended for folks who maintain their own OpenSSL builds and for compiler maintainers.\n\nThere is a separate CVE in the same release, CVE-2022-3786, which also leads to buffer overflows but an attacker can't control the content in that case. There is no reproduction for that issue here, but that issue can lead to a Denial of Service due to a crash.\n\nCrashes and Buffer overflows are never good and if you are using OpenSSL 3.0.x, it is prudent to update as soon as possible.\n\nhttps://github.com/colmmacc/CVE-2022-3602", "creation_timestamp": "2022-11-02T18:08:04.000000Z"}