In order to answer your question it would be helpful to know which platform and software version you are using. I also need to know which subsig is firing. There are known false positives associated with 3314 subsig 0. It is disabled by default and marked as deprecated since 3314 subsig 1 more accurately detects this overflow. If anyone is actively trying to exploit this overflow then 3314.1 would be firing.