Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:37714
HistoryOct 28, 2022 - 10:11 a.m.

Denial Of Service (DoS)

2022-10-2810:11:51
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
32
denial of service
integer overflow
buffer overflow
sponge function
keccak
vulnerable software
cryptographic properties

EPSS

0.031

Percentile

91.2%

php, Python, sha3 and pysha3 are vulnerable to Denial Of Service (DoS). The vulnerability exists through the integer overflow and resultant buffer overflow in the sponge function interface due to the improper implementation of Keccak XKCP SHA-3 reference, allowing an attacker to crash the application by executing arbitrary code or eliminate expected cryptographic properties.

References