""ET EXPLOIT Possible OpenSSL Punycode Email Address Buffer Overflow Attempt Inbound (CVE-2022-3602)""
SID: 2039618
Revision: 1
Class Type: attempted-admin
Metadata: attack_target Server, created_at 2022_11_01, cve CVE_2022_3602, deployment Perimeter, performance_impact Significant, confidence High, signature_severity Major, updated_at 2022_11_02
Reference:
-
cve
-
2022-3602
Protocol: tcp
Source Network: $EXTERNAL_NET
Source Port: any
Destination Network: $HOME_NET
Destination Port: any
Flow: established,to_client
Contents:
-
Value: "|06 03 55 1d 1e|"
-
Value: "xn--"
Within: 30
PCRE:
Special Options:
- fast_pattern