php, Python, sha3 and pysha3 are vulnerable to Denial Of Service (DoS). The vulnerability exists through the integer overflow and resultant buffer overflow in the sponge function interface due to the improper implementation of Keccak XKCP SHA-3 reference, allowing an attacker to crash the application by executing arbitrary code or eliminate expected cryptographic properties.
csrc.nist.gov/projects/hash-functions/sha-3-project
eprint.iacr.org/2023/331
github.com/XKCP/XKCP/security/advisories/GHSA-6w4m-2xhg-2658
lists.debian.org/debian-lts-announce/2022/10/msg00041.html
lists.debian.org/debian-lts-announce/2022/11/msg00000.html
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ALQ6BDDPX5HU5YBQOBMDVAA2TSGDKIJ/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMIEXLMTW5GO36HTFFWIPB3OHZXCT3G4/
lists.fedoraproject.org/archives/list/[email protected]/message/3ALQ6BDDPX5HU5YBQOBMDVAA2TSGDKIJ/
lists.fedoraproject.org/archives/list/[email protected]/message/CMIEXLMTW5GO36HTFFWIPB3OHZXCT3G4/
mouha.be/sha-3-buffer-overflow/
news.ycombinator.com/item?id=33281106
news.ycombinator.com/item?id=35050307
secdb.alpinelinux.org/edge/community.yaml
secdb.alpinelinux.org/v3.16/community.yaml
security.gentoo.org/glsa/202305-02
www.debian.org/security/2022/dsa-5267
www.debian.org/security/2022/dsa-5269