CVE-2022-3602

This repository provides a comprehensive analysis and operational information regarding CVE-2022-3602 and CVE-2022-3786, including vulnerable software lists, detection rules, and references to official advisories. It does not contain exploit code but offers detailed technical context and community-contributed data.

This repository provides a detailed technical analysis of CVE-2022-3602, a punycode buffer overflow in OpenSSL. It explains the vulnerability's root cause, conditions for exploitation, and why it is unlikely to lead to RCE in most scenarios.

This repository contains functional proof-of-concept exploits for CVE-2022-3602 and CVE-2022-3786, both OpenSSL vulnerabilities. The PoCs demonstrate the vulnerabilities by leveraging crafted inputs to trigger buffer overflows and incorrect handling of punycode/periods in domain names.

This repository contains a functional proof-of-concept exploit for CVE-2022-3602, a buffer overflow vulnerability in OpenSSL 3.0 < 3.0.7. The exploit demonstrates a denial-of-service (DoS) condition by sending a crafted certificate to the target server.

This repository contains a detection tool for CVE-2022-3602, which identifies vulnerable OpenSSL versions (3.0.0-3.0.6) and potential exploitation attempts via TLS v1.2. It generates notices for vulnerable servers and exploit attempts, including punycode-based attacks.

This repository contains a Python script that scans for OpenSSL servers vulnerable to CVE-2022-3602 and CVE-2022-3786 by detecting whether client certificate authentication is required. It does not exploit the vulnerabilities but identifies potentially vulnerable systems.

This repository contains a functional proof-of-concept exploit for CVE-2022-3602, demonstrating a buffer overflow vulnerability in OpenSSL's punycode decoding function. The exploit uses a crafted input to trigger the overflow, showcasing the vulnerability in a controlled manner.

This repository contains a scanner for detecting vulnerable OpenSSL versions affected by CVE-2022-3602. It checks for specific OpenSSL DLL versions on Windows and uses osquery for Linux/macOS systems.