TROYANOSYVIRUS
Volver a CVEs

CVE-2022-37454

CRITICAL
9.8

Descripcion

The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface.

Detalles CVE

Puntuacion CVSS v3.19.8
SeveridadCRITICAL
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado10/21/2022
Ultima modificacion5/8/2025
Fuentenvd
Avistamientos honeypot0

Productos afectados

debian:debian_linuxextended_keccak_code_package_project:extended_keccak_code_packagefedoraproject:fedoraphp:phppypy:pypypysha3_project:pysha3python:pythonsha3_project:sha3

Debilidades (CWE)

CWE-190CWE-190

Referencias

https://csrc.nist.gov/projects/hash-functions/sha-3-project(cve@mitre.org)
https://eprint.iacr.org/2023/331(cve@mitre.org)
https://github.com/XKCP/XKCP/security/advisories/GHSA-6w4m-2xhg-2658(cve@mitre.org)
https://lists.debian.org/debian-lts-announce/2022/10/msg00041.html(cve@mitre.org)
https://lists.debian.org/debian-lts-announce/2022/11/msg00000.html(cve@mitre.org)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ALQ6BDDPX5HU5YBQOBMDVAA2TSGDKIJ/(cve@mitre.org)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMIEXLMTW5GO36HTFFWIPB3OHZXCT3G4/(cve@mitre.org)
https://mouha.be/sha-3-buffer-overflow/(cve@mitre.org)
https://news.ycombinator.com/item?id=33281106(cve@mitre.org)
https://news.ycombinator.com/item?id=35050307(cve@mitre.org)
https://security.gentoo.org/glsa/202305-02(cve@mitre.org)
https://www.debian.org/security/2022/dsa-5267(cve@mitre.org)
https://www.debian.org/security/2022/dsa-5269(cve@mitre.org)
https://csrc.nist.gov/projects/hash-functions/sha-3-project(af854a3a-2127-422b-91ae-364da2661108)
https://eprint.iacr.org/2023/331(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/XKCP/XKCP/security/advisories/GHSA-6w4m-2xhg-2658(af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2022/10/msg00041.html(af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2022/11/msg00000.html(af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ALQ6BDDPX5HU5YBQOBMDVAA2TSGDKIJ/(af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMIEXLMTW5GO36HTFFWIPB3OHZXCT3G4/(af854a3a-2127-422b-91ae-364da2661108)
https://mouha.be/sha-3-buffer-overflow/(af854a3a-2127-422b-91ae-364da2661108)
https://news.ycombinator.com/item?id=33281106(af854a3a-2127-422b-91ae-364da2661108)
https://news.ycombinator.com/item?id=35050307(af854a3a-2127-422b-91ae-364da2661108)
https://security.gentoo.org/glsa/202305-02(af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20230203-0001/(af854a3a-2127-422b-91ae-364da2661108)
https://www.debian.org/security/2022/dsa-5267(af854a3a-2127-422b-91ae-364da2661108)
https://www.debian.org/security/2022/dsa-5269(af854a3a-2127-422b-91ae-364da2661108)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.