diff --git a/contributors.json b/contributors.json
index 8611e5cf4c..abd26306fc 100644
--- a/contributors.json
+++ b/contributors.json
@@ -1368,5 +1368,16 @@
             "website": "",
             "email": ""
         }
+    },
+    {
+        "author": "heywoodlh",
+        "links": {
+            "github": "https://www.github.com/heywoodlh",
+            "twitter": "",
+            "linkedin": "",
+            "website": "https://the-empire.systems",
+            "email": ""
+        }
     }
+
 ]
diff --git a/cves/2022/CVE-2022-3602.yaml b/cves/2022/CVE-2022-3602.yaml
new file mode 100644
index 0000000000..037d3c3dd7
--- /dev/null
+++ b/cves/2022/CVE-2022-3602.yaml
@@ -0,0 +1,28 @@
+id: spookyssl-detect
+
+info:
+  name: SpookySSL CVE-2022-3602/CVE-2022-3786  
+  author: heywoodlh
+  severity: high
+  description: A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking in OpenSSL versions 3.0.0-3.0.6. This check searches for web servers with headers indicating OpenSSL versions 3.0.0-3.0.6.
+  metadata:
+    shodan-query: vuln:CVE-2022-3602
+  tags: openssl,spookyssl,cve-2022-3602,cve-2022-3786
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}"
+
+    matchers:
+
+      - type: word
+        part: server
+        words:
+          - "OpenSSL"
+
+    extractors:
+      - type: regex
+        part: header
+        regex:
+          - 'OpenSSL\/(3.0.[0-6].*)'