""ET EXPLOIT Realtek eCos RSDK/MSDK Stack-based Buffer Overflow Attempt Inbound (CVE-2022-27255)""

SID: 2038669

Revision: 1

Class Type: attempted-admin

Metadata: created_at 2022_08_30, cve CVE_2022_27255, confidence High, updated_at 2022_08_30

Reference:

  • cve

  • 2022-27255

Protocol: udp

Source Network: any

Source Port: any

Destination Network: [$HOME_NET,$HTTP_SERVERS]

Destination Port: any

Flow:

Contents:

  • Value: "|20|SIP|2f|"

  • Value: "m=audio|20|"

Within:

PCRE: "/^\d+\s*[^\r\n]{50,}/R"

Special Options:

  • fast_pattern

source