CVE-2022-37454

{"id": "CVE-2022-37454", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2022-10-21T06:15:09.333", "references": [{"url": "https://csrc.nist.gov/projects/hash-functions/sha-3-project", "tags": ["Third Party Advisory", "US Government Resource"], "source": "[email protected]"}, {"url": "https://eprint.iacr.org/2023/331", "source": "[email protected]"}, {"url": "https://github.com/XKCP/XKCP/security/advisories/GHSA-6w4m-2xhg-2658", "tags": ["Patch", "Third Party Advisory"], "source": "[email protected]"}, {"url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00041.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "[email protected]"}, {"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00000.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "[email protected]"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ALQ6BDDPX5HU5YBQOBMDVAA2TSGDKIJ/", "tags": ["Mailing List", "Third Party Advisory"], "source": "[email protected]"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMIEXLMTW5GO36HTFFWIPB3OHZXCT3G4/", "tags": ["Mailing List", "Third Party Advisory"], "source": "[email protected]"}, {"url": "https://mouha.be/sha-3-buffer-overflow/", "tags": ["Exploit", "Third Party Advisory"], "source": "[email protected]"}, {"url": "https://news.ycombinator.com/item?id=33281106", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "[email protected]"}, {"url": "https://news.ycombinator.com/item?id=35050307", "source": "[email protected]"}, {"url": "https://security.gentoo.org/glsa/202305-02", "source": "[email protected]"}, {"url": "https://www.debian.org/security/2022/dsa-5267", "tags": ["Third Party Advisory"], "source": "[email protected]"}, {"url": "https://www.debian.org/security/2022/dsa-5269", "tags": ["Third Party Advisory"], "source": "[email protected]"}, {"url": "https://csrc.nist.gov/projects/hash-functions/sha-3-project", "tags": ["Third Party Advisory", "US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://eprint.iacr.org/2023/331", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/XKCP/XKCP/security/advisories/GHSA-6w4m-2xhg-2658", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00041.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00000.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ALQ6BDDPX5HU5YBQOBMDVAA2TSGDKIJ/", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMIEXLMTW5GO36HTFFWIPB3OHZXCT3G4/", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://mouha.be/sha-3-buffer-overflow/", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://news.ycombinator.com/item?id=33281106", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://news.ycombinator.com/item?id=35050307", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://security.gentoo.org/glsa/202305-02", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://security.netapp.com/advisory/ntap-20230203-0001/", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.debian.org/security/2022/dsa-5267", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.debian.org/security/2022/dsa-5269", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-190"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-190"}]}], "descriptions": [{"lang": "en", "value": "The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface."}, {"lang": "es", "value": "La implementaci\u00f3n de referencia de Keccak XKCP SHA-3 versiones anteriores a fdc6fef, presenta un desbordamiento de enteros y un desbordamiento de b\u00fafer resultante que permite a atacantes ejecutar c\u00f3digo arbitrario o eliminar las propiedades criptogr\u00e1ficas esperadas. Esto ocurre en la interfaz de la funci\u00f3n sponge"}], "lastModified": "2025-05-08T15:15:47.043", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:extended_keccak_code_package_project:extended_keccak_code_package:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F959FD3C-9C59-4DD6-AA90-E254F0DD815E"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"}, {"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA"}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "76798416-0F70-4C9C-BFA2-AD2DC4DE54FA", "versionEndExcluding": "7.4.33", "versionStartIncluding": "7.2.0"}, {"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "795EC7FC-4A42-4D2B-A900-02CA7770E515", "versionEndExcluding": "8.0.25", "versionStartIncluding": "8.0.0"}, {"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0BFF2544-41D1-41F6-A116-F7069789A585", "versionEndExcluding": "8.1.12", "versionStartIncluding": "8.1.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6C960DA8-C330-43DB-8F1C-5C00A9E7537B", "versionEndExcluding": "3.7.16", "versionStartIncluding": "3.6.0"}, {"criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "70B04BCE-14CC-48FD-9545-E645776C2378", "versionEndExcluding": "3.8.16", "versionStartIncluding": "3.8.0"}, {"criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E28B140D-129A-4B9F-AC2B-F121E7EAD70C", "versionEndExcluding": "3.9.16", "versionStartIncluding": "3.9.0"}, {"criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "95E57263-9F7E-489E-9578-D89B584095B2", "versionEndExcluding": "3.10.9", "versionStartIncluding": "3.10.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sha3_project:sha3:*:*:*:*:*:ruby:*:*", "vulnerable": true, "matchCriteriaId": "61BEF41F-FCF7-48C9-A6D9-2B8FD7D5D9B1", "versionEndExcluding": "1.0.5"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:pysha3_project:pysha3:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C6682145-B3AF-4CAE-9C1D-1A83C79D7BC2"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:pypy:pypy:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2AF535F7-D275-4DA1-8450-07ED0A9BF2EB", "versionStartIncluding": "7.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}