Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1310 CNY

100%
Buy Us a Coffee

CVE-2022-3602 PoC — X.509 Email Address 4-byte Buffer Overflow

Source
https://github.com/cybersecurityworks553/CVE-2022-3602-and-CVE-2022-3786
Associated Vulnerability
Title:X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602)
Description:A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address to overflow four attacker-controlled bytes on the stack. This buffer overflow could result in a crash (causing a denial of service) or potentially remote code execution. Many platforms implement stack overflow protections which would mitigate against the risk of remote code execution. The risk may be further mitigated based on stack layout for any given platform/compiler. Pre-announcements of CVE-2022-3602 described this issue as CRITICAL. Further analysis based on some of the mitigating factors described above have led this to be downgraded to HIGH. Users are still encouraged to upgrade to a new version as soon as possible. In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects. Fixed in OpenSSL 3.0.7 (Affected 3.0.0,3.0.1,3.0.2,3.0.3,3.0.4,3.0.5,3.0.6).
Readme
# CVE-2022-3602-and-CVE-2022-3786
This is a detection script which will determine whether client authentication is required by the SSL server, 
in which case servers based on OpenSSL 3.0.0 to 3.0.6 will be vulnerable to both CVE-2022-3602 and CVE-2022-3786

## Prerequisite's
- python3
- pip install -r requirements.txt

## Usage
```
usage: openssl_cert_detector.py [-h] [-t TARGET] [-T TARGETS]

optional arguments:
  -h, --help            show this help message and exit
  -t TARGET, --target TARGET
                        Single IP with port separate by colon. Example: -t 192.168.0.3:3000
  -T TARGETS, --targets TARGETS
                        List of IP and port separate by colon and separated by new line in text file
```

### Example 1:
To check for openssl vulnerability on single ip and port 

```
python openssl_cert_detector.py -t 192.168.0.3:3000
```

### Example 2:

To check for openssl vulnerability on list of ip and its port in separated by new line in text file

```
python openssl_cert_detector.py -T check.txt
```

## References
- https://github.com/colmmacc/CVE-2022-3602
- https://github.com/DataDog/security-labs-pocs/tree/main/proof-of-concept-exploits/openssl-punycode-vulnerability
- https://github.com/jfrog/jfrog-openssl-tools
File Snapshot

Log in to view the POC file snapshot cached by Shenlong Bot

Log in to view
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →