CVE-2022-37454

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-37454

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-37454.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2022-37454

Aliases

Downstream

ALPINE-CVE-2022-37454

DEBIAN-CVE-2022-37454

DLA-3174-1

DLA-3175-1

DLA-3243-1

DSA-5267-1

DSA-5269-1

DSA-5277-1

OESA-2022-2137

OESA-2023-1023

OESA-2023-1045

RHSA-2023:0848

RHSA-2023:0965

RHSA-2023:2417

RHSA-2023:2903

SUSE-SU-2022:3924-1

SUSE-SU-2022:3997-1

SUSE-SU-2022:4005-1

SUSE-SU-2022:4067-1

SUSE-SU-2022:4068-1

SUSE-SU-2022:4069-1

SUSE-SU-2022:4274-1

SUSE-SU-2022:4281-1

SUSE-SU-2023:0707-1

SUSE-SU-2023:0748-1

UBUNTU-CVE-2022-37454

USN-5717-1

USN-5767-1

USN-5767-3

USN-5888-1

USN-5930-1

USN-5931-1

USN-6524-1

USN-6525-1

openSUSE-SU-2024:12461-1

openSUSE-SU-2024:12476-1

openSUSE-SU-2024:12559-1

openSUSE-SU-2024:12563-1

Related

Published

2022-10-21T06:15:09Z

Modified

2025-08-11T14:44:48.245054Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface.

References

Affected packages

Git / github.com/php/php-src

Affected ranges

Type: GIT
Repo: https://github.com/php/php-src
Events: Introduced

8148cbb78841c8ec0759c0836e7f35dec799d300

Fixed

dca8d5565b947270a29f232bc54efd9df3b92b94

Type: GIT
Repo: https://github.com/python/cpython
Events: Introduced

5c4568a05a0a62b5947c55f68f9f2ecfb90a4f12

Fixed

3f82aa744678620a811927dc4e56ad9c7c3d0c14