Lucene search

[email protected]CVE-2022-48566

HistoryAug 22, 2023 - 7:16 p.m.

CVE-2022-48566

2023-08-2219:16:00

CWE-362

[email protected]

web.nvd.nist.gov

141

cve-2022-48566

python

compare_digest

constant-time

security vulnerability

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

5.8 Medium

AI Score

Confidence

High

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

22.8%

JSON

An issue was discovered in compare_digest in Lib/hmac.py in Python through 3.9.1. Constant-time-defeating optimisations were possible in the accumulator variable in hmac.compare_digest.

CPENameOperatorVersion
python:pythonpythonlt3.7.10
python:pythonpythonlt3.6.13
python:pythonpythonlt3.9.1
python:pythonpythonlt3.8.7
debian:debian_linuxdebian debian linuxeq10.0
netapp:active_iq_unified_managernetapp active iq unified managereq-
netapp:converged_systems_advisor_agentnetapp converged systems advisor agenteq-

CPE	Name	Operator	Version
python:python	python	lt	3.7.10
python:python	python	lt	3.6.13
python:python	python	lt	3.9.1
python:python	python	lt	3.8.7
debian:debian_linux	debian debian linux	eq	10.0
netapp:active_iq_unified_manager	netapp active iq unified manager	eq	-
netapp:converged_systems_advisor_agent	netapp converged systems advisor agent	eq	-