{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-37454", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-03T10:29:21.027Z", "dateReserved": "2022-08-07T00:00:00", "datePublished": "2022-10-21T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-03-07T03:42:54.794928Z"}, "descriptions": [{"lang": "en", "value": "The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "unknown"}]}], "references": [{"name": "https://csrc.nist.gov/projects/hash-functions/sha-3-project", "url": "https://csrc.nist.gov/projects/hash-functions/sha-3-project"}, {"name": "https://mouha.be/sha-3-buffer-overflow/", "url": "https://mouha.be/sha-3-buffer-overflow/"}, {"name": "https://news.ycombinator.com/item?id=33281106", "url": "https://news.ycombinator.com/item?id=33281106"}, {"name": "https://github.com/XKCP/XKCP/security/advisories/GHSA-6w4m-2xhg-2658", "url": "https://github.com/XKCP/XKCP/security/advisories/GHSA-6w4m-2xhg-2658"}, {"name": "https://lists.debian.org/debian-lts-announce/2022/10/msg00041.html", "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00041.html"}, {"name": "https://lists.debian.org/debian-lts-announce/2022/11/msg00000.html", "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00000.html"}, {"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMIEXLMTW5GO36HTFFWIPB3OHZXCT3G4/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMIEXLMTW5GO36HTFFWIPB3OHZXCT3G4/"}, {"name": "https://www.debian.org/security/2022/dsa-5267", "url": "https://www.debian.org/security/2022/dsa-5267"}, {"name": "https://www.debian.org/security/2022/dsa-5269", "url": "https://www.debian.org/security/2022/dsa-5269"}, {"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ALQ6BDDPX5HU5YBQOBMDVAA2TSGDKIJ/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ALQ6BDDPX5HU5YBQOBMDVAA2TSGDKIJ/"}, {"url": "https://eprint.iacr.org/2023/331"}, {"url": "https://news.ycombinator.com/item?id=35050307"}, {"url": "https://security.gentoo.org/glsa/202305-02"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "n/a"}]}]}, "adp": [{"title": "CVE Program Container", "references": [{"url": "https://security.netapp.com/advisory/ntap-20230203-0001/"}, {"name": "https://csrc.nist.gov/projects/hash-functions/sha-3-project", "url": "https://csrc.nist.gov/projects/hash-functions/sha-3-project", "tags": ["x_transferred"]}, {"name": "https://mouha.be/sha-3-buffer-overflow/", "url": "https://mouha.be/sha-3-buffer-overflow/", "tags": ["x_transferred"]}, {"name": "https://news.ycombinator.com/item?id=33281106", "url": "https://news.ycombinator.com/item?id=33281106", "tags": ["x_transferred"]}, {"name": "https://github.com/XKCP/XKCP/security/advisories/GHSA-6w4m-2xhg-2658", "url": "https://github.com/XKCP/XKCP/security/advisories/GHSA-6w4m-2xhg-2658", "tags": ["x_transferred"]}, {"name": "https://lists.debian.org/debian-lts-announce/2022/10/msg00041.html", "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00041.html", "tags": ["x_transferred"]}, {"name": "https://lists.debian.org/debian-lts-announce/2022/11/msg00000.html", "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00000.html", "tags": ["x_transferred"]}, {"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMIEXLMTW5GO36HTFFWIPB3OHZXCT3G4/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMIEXLMTW5GO36HTFFWIPB3OHZXCT3G4/", "tags": ["x_transferred"]}, {"name": "https://www.debian.org/security/2022/dsa-5267", "url": "https://www.debian.org/security/2022/dsa-5267", "tags": ["x_transferred"]}, {"name": "https://www.debian.org/security/2022/dsa-5269", "url": "https://www.debian.org/security/2022/dsa-5269", "tags": ["x_transferred"]}, {"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ALQ6BDDPX5HU5YBQOBMDVAA2TSGDKIJ/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ALQ6BDDPX5HU5YBQOBMDVAA2TSGDKIJ/", "tags": ["x_transferred"]}, {"url": "https://eprint.iacr.org/2023/331", "tags": ["x_transferred"]}, {"url": "https://news.ycombinator.com/item?id=35050307", "tags": ["x_transferred"]}, {"url": "https://security.gentoo.org/glsa/202305-02", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T10:29:21.027Z"}}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:extended_keccak_code_package_project:extended_keccak_code_package:-:*:*:*:*:*:*:*", "matchCriteriaId": "F959FD3C-9C59-4DD6-AA90-E254F0DD815E", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "matchCriteriaId": "76798416-0F70-4C9C-BFA2-AD2DC4DE54FA", "versionEndExcluding": "7.4.33", "versionStartIncluding": "7.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "matchCriteriaId": "795EC7FC-4A42-4D2B-A900-02CA7770E515", "versionEndExcluding": "8.0.25", "versionStartIncluding": "8.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "matchCriteriaId": "0BFF2544-41D1-41F6-A116-F7069789A585", "versionEndExcluding": "8.1.12", "versionStartIncluding": "8.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", "matchCriteriaId": "6C960DA8-C330-43DB-8F1C-5C00A9E7537B", "versionEndExcluding": "3.7.16", "versionStartIncluding": "3.6.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", "matchCriteriaId": "70B04BCE-14CC-48FD-9545-E645776C2378", "versionEndExcluding": "3.8.16", "versionStartIncluding": "3.8.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", "matchCriteriaId": "E28B140D-129A-4B9F-AC2B-F121E7EAD70C", "versionEndExcluding": "3.9.16", "versionStartIncluding": "3.9.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", "matchCriteriaId": "95E57263-9F7E-489E-9578-D89B584095B2", "versionEndExcluding": "3.10.9", "versionStartIncluding": "3.10.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sha3_project:sha3:*:*:*:*:*:ruby:*:*", "matchCriteriaId": "61BEF41F-FCF7-48C9-A6D9-2B8FD7D5D9B1", "versionEndExcluding": "1.0.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:pysha3_project:pysha3:*:*:*:*:*:*:*:*", "matchCriteriaId": "C6682145-B3AF-4CAE-9C1D-1A83C79D7BC2", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:pypy:pypy:*:*:*:*:*:*:*:*", "matchCriteriaId": "2AF535F7-D275-4DA1-8450-07ED0A9BF2EB", "versionStartIncluding": "7.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface."}, {"lang": "es", "value": "La implementaci\u00f3n de referencia de Keccak XKCP SHA-3 versiones anteriores a fdc6fef, presenta un desbordamiento de enteros y un desbordamiento de b\u00fafer resultante que permite a atacantes ejecutar c\u00f3digo arbitrario o eliminar las propiedades criptogr\u00e1ficas esperadas. Esto ocurre en la interfaz de la funci\u00f3n sponge"}], "id": "CVE-2022-37454", "lastModified": "2023-05-03T11:15:11.510", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-10-21T06:15:09.333", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://csrc.nist.gov/projects/hash-functions/sha-3-project"}, {"source": "cve@mitre.org", "url": "https://eprint.iacr.org/2023/331"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/XKCP/XKCP/security/advisories/GHSA-6w4m-2xhg-2658"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00041.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00000.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ALQ6BDDPX5HU5YBQOBMDVAA2TSGDKIJ/"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMIEXLMTW5GO36HTFFWIPB3OHZXCT3G4/"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://mouha.be/sha-3-buffer-overflow/"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://news.ycombinator.com/item?id=33281106"}, {"source": "cve@mitre.org", "url": "https://news.ycombinator.com/item?id=35050307"}, {"source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/202305-02"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2022/dsa-5267"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2022/dsa-5269"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-190"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2023:0848", "cpe": "cpe:/a:redhat:enterprise_linux:8", "impact": "moderate", "package": "php:8.0-8070020230118114629.ef331662", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2023-02-21T00:00:00Z"}, {"advisory": "RHSA-2023:2903", "cpe": "cpe:/a:redhat:enterprise_linux:8", "impact": "moderate", "package": "php:7.4-8080020230118140634.cc342424", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2023-05-16T00:00:00Z"}, {"advisory": "RHSA-2023:0965", "cpe": "cpe:/a:redhat:enterprise_linux:9", "impact": "moderate", "package": "php-0:8.0.27-1.el9_1", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-02-28T00:00:00Z"}, {"advisory": "RHSA-2023:2417", "cpe": "cpe:/a:redhat:enterprise_linux:9", "impact": "moderate", "package": "php:8.1-9020020230120141750.9", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-05-09T00:00:00Z"}], "bugzilla": {"description": "XKCP: buffer overflow in the SHA-3 reference implementation", "id": "2140200", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140200"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.1", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-680", "details": ["The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface.", "A flaw was found in the Keccak XKCP SHA-3 reference implementation. The sponge function interface allows partial input data to be processed, and partial output to be produced. When at least one of these has a length of 4294967096 bytes or more, it can result in elimination of cryptographic properties, execution of arbitrary code, or a denial of service."], "mitigation": {"lang": "en:us", "value": "Library users can limit the size of partial input data or partial output digest to below 4294967096 bytes. Avoiding the queuing functions altogether by processing the entire input or producing the entire output at once does not trigger this vulnerability."}, "name": "CVE-2022-37454", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "impact": "moderate", "package_name": "php", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "python", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "impact": "moderate", "package_name": "php", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "python", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "python3", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "python27:2.7/python2", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "python3", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "python36:3.6/python36", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "python38:3.8/python38", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "python39:3.9/python39", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "python3.9", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:3", "fix_state": "Will not fix", "impact": "moderate", "package_name": "rh-php73-php", "product_name": "Red Hat Software Collections"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:3", "fix_state": "Not affected", "package_name": "rh-python38-python", "product_name": "Red Hat Software Collections"}], "public_date": "2022-10-20T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-37454\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-37454"], "statement": "Python as shipped with Red Hat Red Hat Enterprise Linux is not affected by this flaw as it uses the OpenSSL SHA-3 implementation.\nPHP as shipped with Red Hat Enterprise Linux is affected but not vulnerable by default as it depends of the memory_limit[1] configuration setting to have a value of -1, indicating there is no limit, or to a value bigger than 4G. These values are very unlikely and to reflect this condition PHP was rated with a moderate security impact.\n[1]. https://www.php.net/manual/en/ini.core.php#ini.memory-limit", "threat_severity": "Important"}