Report

CVE-2022-3602: OpenSSL 3.0 punycode stack buffer overflow in X.509 name constraint verification

CVE-2022-3602 is a stack buffer overflow in OpenSSL 3.0.x (fixed in 3.0.7). An off-by-one error in ossl_punycode_decode() (crypto/punycode.c) allows writing 4 bytes past the end of a 512-element stack-allocated unsigned int array when processing punycode-encoded email addresses during X.509 certificate name constraint verification. The attack chain is: X.509 verification → nc_email_eai() in crypto/x509/v3_ncons.c → ossl_a2ulabel() in crypto/punycode.c → ossl_punycode_decode(). The overflow is triggered when a TLS client connects to a server whose certificate contains a specially crafted punycode email SAN entry, or when name constraints check email addresses with punycode domains.
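
The bug class described above, as an added example (a simplified model, not OpenSSL's source): a bounds check on a 512-element unsigned int array that is off by one lets exactly one extra element be written. The `>` versus `>=` comparison is an assumed form of the error, since the report does not show the faulty line; `insert_cp`, `guard_clobbered` and the `GUARD` canary are hypothetical names, and the array carries one spare guard slot so the stray write is observable without real memory corruption.

```c
#include <stdio.h>
#include <string.h>

#define MAX_OUT 512          /* element count given in the report */
#define GUARD   0xDEADBEEFu  /* constructed canary, stands in for adjacent stack */

/* Insert one code point at index i of buf (simplified model, hypothetical helper).
 * fixed == 0: off-by-one check (>), fixed == 1: corrected check (>=).
 * buf has MAX_OUT + 1 slots so the stray write lands in the guard slot. */
static int insert_cp(unsigned int *buf, size_t *written, size_t i,
                     unsigned int cp, int fixed)
{
    if (i > *written)
        return 0;
    if (fixed ? (*written >= MAX_OUT) : (*written > MAX_OUT))
        return 0;                               /* no room: reject input */
    memmove(buf + i + 1, buf + i, (*written - i) * sizeof(*buf));
    buf[i] = cp;
    (*written)++;
    return 1;
}

/* Append n code points; return 1 if the slot past the array was overwritten. */
static int guard_clobbered(size_t n, int fixed)
{
    unsigned int buf[MAX_OUT + 1];
    size_t written = 0, k;

    buf[MAX_OUT] = GUARD;
    for (k = 0; k < n; k++)
        if (!insert_cp(buf, &written, written, 0x4e00u + (unsigned int)(k % 100), fixed))
            break;
    return buf[MAX_OUT] != GUARD;
}

int main(void)
{
    printf("512 inputs, > check:  clobbered=%d\n", guard_clobbered(512, 0));
    printf("513 inputs, > check:  clobbered=%d\n", guard_clobbered(513, 0));
    printf("513 inputs, >= check: clobbered=%d\n", guard_clobbered(513, 1));
    return 0;
}
```

With a 4-byte unsigned int, the single stray element in the `>` case corresponds to the 4 bytes past the array that the report mentions; the `>=` check rejects the 513th element instead.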