CVE-2022-37454
- Source
- https://cve.org/CVERecord?id=CVE-2022-37454
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-37454.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2022-37454
- Aliases
- Downstream
- Related
- Published
- 2022-10-21T06:15:09.333Z
- Modified
- 2026-02-12T07:42:47.882568Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface.
- References
-
- https://csrc.nist.gov/projects/hash-functions/sha-3-project
- https://eprint.iacr.org/2023/331
- https://news.ycombinator.com/item?id=35050307
- https://csrc.nist.gov/projects/hash-functions/sha-3-project
- https://github.com/XKCP/XKCP/security/advisories/GHSA-6w4m-2xhg-2658
- https://lists.debian.org/debian-lts-announce/2022/10/msg00041.html
- https://lists.debian.org/debian-lts-announce/2022/11/msg00000.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ALQ6BDDPX5HU5YBQOBMDVAA2TSGDKIJ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMIEXLMTW5GO36HTFFWIPB3OHZXCT3G4/
- https://mouha.be/sha-3-buffer-overflow/
- https://news.ycombinator.com/item?id=33281106
- https://security.gentoo.org/glsa/202305-02
- https://www.debian.org/security/2022/dsa-5267
- https://www.debian.org/security/2022/dsa-5269
- https://security.netapp.com/advisory/ntap-20230203-0001/
- https://news.ycombinator.com/item?id=33281106
- https://github.com/XKCP/XKCP/security/advisories/GHSA-6w4m-2xhg-2658
- https://lists.debian.org/debian-lts-announce/2022/10/msg00041.html
- https://lists.debian.org/debian-lts-announce/2022/11/msg00000.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ALQ6BDDPX5HU5YBQOBMDVAA2TSGDKIJ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMIEXLMTW5GO36HTFFWIPB3OHZXCT3G4/
- https://mouha.be/sha-3-buffer-overflow/
Affected packages
Git
github.com/flatpak/flatpak
Affected ranges
- Type
- GIT
- Repo
- https://github.com/flatpak/flatpak
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
0.*
0.1
0.10.0
0.10.1
0.10.2
0.11.1
0.11.2
0.11.3
0.11.4
0.11.5
0.11.6
0.11.7
0.11.8
0.11.8.1
0.11.8.2
0.11.8.3
0.2
0.2.1
0.3
0.3.1
0.3.2
0.3.3
0.3.4
0.3.5
0.3.6
0.4.0
0.4.1
0.4.10
0.4.11
0.4.12
0.4.13
0.4.2
0.4.2.1
0.4.3
0.4.4
0.4.5
0.4.6
0.4.7
0.4.8
0.4.9
0.5.0
0.5.1
0.5.2
0.6.0
0.6.1
0.6.10
0.6.11
0.6.12
0.6.13
0.6.14
0.6.2
0.6.3
0.6.4
0.6.5
0.6.6
0.6.7
0.6.8
0.6.9
0.8.0
0.8.1
0.9.1
0.9.10
0.9.11
0.9.12
0.9.2
0.9.3
0.9.4
0.9.5
0.9.6
0.9.7
0.9.8
0.9.9
0.9.98
0.9.98.1
0.9.98.2
0.9.99
0.99.1
0.99.2
0.99.3
1.*
1.0.0
1.0.1
1.0.2
1.0.3
1.0.4
github.com/python/cpython
Affected ranges
- Type
- GIT
- Repo
- https://github.com/python/cpython
- Events
-
IntroducedFixedIntroducedFixedIntroducedFixedIntroducedFixed
Affected versions
v3.*
v3.10.0
v3.10.0a1
v3.10.0a2
v3.10.0a3
v3.10.0a4
v3.10.0a5
v3.10.0a6
v3.10.0a7
v3.10.0b1
v3.10.0b2
v3.10.0b3
v3.10.0b4
v3.10.0rc1
v3.10.0rc2
v3.10.1
v3.10.2
v3.10.3
v3.10.4
v3.10.5
v3.10.6
v3.10.7
v3.10.8
v3.4.6
v3.4.6rc1
v3.5.3
v3.5.3rc1
v3.6.0
v3.7.0a1
v3.7.0a2
v3.7.0a3
v3.7.0a4
v3.8.0a1
v3.8.0a2
v3.8.0a3
v3.8.0a4
v3.8.0b1
v3.9.0a1
v3.9.0a2
v3.9.0a3
v3.9.0a4
v3.9.0a5
v3.9.0a6