cve-2022-3602
Safeguard articles tagged "cve-2022-3602" — guides, analysis, and best practices for software supply chain and application security.
4 articles
Inside the OpenSSL punycode bug: why CVE-2022-3602 wasn't Heartbleed
OpenSSL pre-announced a 'critical' flaw in October 2022. It shipped as HIGH severity. Here's the buffer overflow, the downgrade, and the safe patch path.
OpenSSL Punycode Overflow (CVE-2022-3602) Explained
CVE-2022-3602 was pre-announced as OpenSSL's next critical bug, then downgraded to high. Here is what the X.509 punycode buffer overflow actually does, why the panic cooled, and how to patch.
OpenSSL punycode buffer overflow pair (CVE-2022-3602 / CVE-2022-3786)
A deep dive into CVE-2022-3602 and CVE-2022-3786, the OpenSSL punycode buffer overflow pair once dubbed "Heartbleed 2.0" — impact, timeline, and fixes.
OpenSSL CVE-2022-3602: The Critical That Wasn't (But Still Matters)
OpenSSL pre-announced a critical vulnerability that was later downgraded to high severity. The incident revealed as much about our processes as the bug itself.