Lucene search

K
ubuntucveUbuntu.comUB:CVE-2022-37454
HistoryOct 21, 2022 - 12:00 a.m.

CVE-2022-37454

2022-10-2100:00:00
ubuntu.com
ubuntu.com
37
keccak xkcp sha-3
integer overflow
buffer overflow
arbitrary code execution
cryptographic properties
sponge function interface
php
pear
python 3.11
security vulnerability

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.031

Percentile

91.2%

The Keccak XKCP SHA-3 reference implementation before fdc6fef has an
integer overflow and resultant buffer overflow that allows attackers to
execute arbitrary code or eliminate expected cryptographic properties. This
occurs in the sponge function interface.

Bugs

Notes

Author Note
sbeattie PEAR issues should go against php-pear as of xenial
rodrigo-zaiden PHP includes Keccak code for sha3 starting from php7.2
leosilva in PHP it was introduced in 91663a92d1697fc30a7ba4687d73e0f63ec2baa1 php-7.2.0alpha1
mdeslaur Python 3.11 switched to using tiny_sha3, so not affected.
OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchphp7.2< 7.2.24-0ubuntu0.18.04.15UNKNOWN
ubuntu20.04noarchphp7.4< 7.4.3-4ubuntu2.15UNKNOWN
ubuntu22.04noarchphp8.1< 8.1.2-1ubuntu2.8UNKNOWN
ubuntu22.10noarchphp8.1< 8.1.7-1ubuntu3.1UNKNOWN
ubuntu23.04noarchphp8.1< 8.1.12-1ubuntu2UNKNOWN
ubuntu20.04noarchpypy3< 7.3.1+dfsg-4ubuntu0.1UNKNOWN
ubuntu22.04noarchpypy3< 7.3.9+dfsg-1ubuntu0.1UNKNOWN
ubuntu18.04noarchpysha3< anyUNKNOWN
ubuntu20.04noarchpysha3< 1.0.2-4ubuntu0.1UNKNOWN
ubuntu22.04noarchpysha3< 1.0.2-4.2ubuntu0.22.04.1UNKNOWN
Rows per page:
1-10 of 181

References

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.031

Percentile

91.2%