TROYANOSYVIRUS
Back to CVEs

CVE-2022-37454

CRITICAL
9.8

Description

The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface.

CVE Details

CVSS v3.1 Score9.8
SeverityCRITICAL
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
Published10/21/2022
Last Modified5/8/2025
Sourcenvd
Honeypot Sightings0

Affected Products

debian:debian_linuxextended_keccak_code_package_project:extended_keccak_code_packagefedoraproject:fedoraphp:phppypy:pypypysha3_project:pysha3python:pythonsha3_project:sha3

Weaknesses (CWE)

CWE-190CWE-190

References

https://csrc.nist.gov/projects/hash-functions/sha-3-project(cve@mitre.org)
https://eprint.iacr.org/2023/331(cve@mitre.org)
https://github.com/XKCP/XKCP/security/advisories/GHSA-6w4m-2xhg-2658(cve@mitre.org)
https://lists.debian.org/debian-lts-announce/2022/10/msg00041.html(cve@mitre.org)
https://lists.debian.org/debian-lts-announce/2022/11/msg00000.html(cve@mitre.org)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ALQ6BDDPX5HU5YBQOBMDVAA2TSGDKIJ/(cve@mitre.org)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMIEXLMTW5GO36HTFFWIPB3OHZXCT3G4/(cve@mitre.org)
https://mouha.be/sha-3-buffer-overflow/(cve@mitre.org)
https://news.ycombinator.com/item?id=33281106(cve@mitre.org)
https://news.ycombinator.com/item?id=35050307(cve@mitre.org)
https://security.gentoo.org/glsa/202305-02(cve@mitre.org)
https://www.debian.org/security/2022/dsa-5267(cve@mitre.org)
https://www.debian.org/security/2022/dsa-5269(cve@mitre.org)
https://csrc.nist.gov/projects/hash-functions/sha-3-project(af854a3a-2127-422b-91ae-364da2661108)
https://eprint.iacr.org/2023/331(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/XKCP/XKCP/security/advisories/GHSA-6w4m-2xhg-2658(af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2022/10/msg00041.html(af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2022/11/msg00000.html(af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ALQ6BDDPX5HU5YBQOBMDVAA2TSGDKIJ/(af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMIEXLMTW5GO36HTFFWIPB3OHZXCT3G4/(af854a3a-2127-422b-91ae-364da2661108)
https://mouha.be/sha-3-buffer-overflow/(af854a3a-2127-422b-91ae-364da2661108)
https://news.ycombinator.com/item?id=33281106(af854a3a-2127-422b-91ae-364da2661108)
https://news.ycombinator.com/item?id=35050307(af854a3a-2127-422b-91ae-364da2661108)
https://security.gentoo.org/glsa/202305-02(af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20230203-0001/(af854a3a-2127-422b-91ae-364da2661108)
https://www.debian.org/security/2022/dsa-5267(af854a3a-2127-422b-91ae-364da2661108)
https://www.debian.org/security/2022/dsa-5269(af854a3a-2127-422b-91ae-364da2661108)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.