The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
|
Configuration 6 (hide)
|
Configuration 7 (hide)
|
Configuration 8 (hide)
|
History
03 May 2023, 11:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
07 Mar 2023, 04:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
30 Nov 2022, 18:48
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:sha3_project:sha3:*:*:*:*:*:ruby:*:* cpe:2.3:a:pypy:pypy:*:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:* cpe:2.3:a:python:python:*:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* cpe:2.3:a:php:php:*:*:*:*:*:*:*:* cpe:2.3:a:pysha3_project:pysha3:*:*:*:*:*:*:*:* |
|
First Time |
Fedoraproject
Php php Debian Pysha3 Project pysha3 Fedoraproject fedora Sha3 Project sha3 Pypy Python python Php Python Pysha3 Project Sha3 Project Debian debian Linux Pypy pypy |
|
References | (MLIST) https://lists.debian.org/debian-lts-announce/2022/11/msg00000.html - Mailing List, Third Party Advisory | |
References | (MISC) https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ALQ6BDDPX5HU5YBQOBMDVAA2TSGDKIJ/ - Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2022/10/msg00041.html - Mailing List, Third Party Advisory | |
References | (DEBIAN) https://www.debian.org/security/2022/dsa-5269 - Third Party Advisory | |
References | (MISC) https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMIEXLMTW5GO36HTFFWIPB3OHZXCT3G4/ - Mailing List, Third Party Advisory | |
References | (DEBIAN) https://www.debian.org/security/2022/dsa-5267 - Third Party Advisory |
04 Nov 2022, 00:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
03 Nov 2022, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
03 Nov 2022, 04:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
02 Nov 2022, 13:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
01 Nov 2022, 16:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
31 Oct 2022, 13:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
25 Oct 2022, 15:23
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://mouha.be/sha-3-buffer-overflow/ - Exploit, Third Party Advisory | |
References | (MISC) https://news.ycombinator.com/item?id=33281106 - Issue Tracking, Third Party Advisory | |
References | (MISC) https://github.com/XKCP/XKCP/security/advisories/GHSA-6w4m-2xhg-2658 - Patch, Third Party Advisory | |
References | (MISC) https://csrc.nist.gov/projects/hash-functions/sha-3-project - Third Party Advisory, US Government Resource | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
CWE | CWE-190 | |
First Time |
Extended Keccak Code Package Project
Extended Keccak Code Package Project extended Keccak Code Package |
|
CPE | cpe:2.3:a:extended_keccak_code_package_project:extended_keccak_code_package:-:*:*:*:*:*:*:* |
21 Oct 2022, 06:18
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-10-21 06:15
Updated : 2023-12-10 14:35
NVD link : CVE-2022-37454
Mitre link : CVE-2022-37454
CVE.ORG link : CVE-2022-37454
JSON object : View
Products Affected
debian
- debian_linux
fedoraproject
- fedora
php
- php
sha3_project
- sha3
pypy
- pypy
extended_keccak_code_package_project
- extended_keccak_code_package
pysha3_project
- pysha3
python
- python
CWE
CWE-190
Integer Overflow or Wraparound