The Keccak sponge function interface accepts partial inputs to be absorbed and partial outputs to be squeezed. The buffer that holds queued partial data can overflow when partial inputs (or outputs) of certain sizes are queued and at least one of them has a length of 2^32 - 200 bytes or more. The root cause is an integer overflow (CWE-190) in a length computation; 200 bytes is the size of the Keccak-f[1600] state, the largest block the queue can hold, which is why the threshold sits just below 2^32.
The problem has been patched; see commit fdc6fef0.
The problem can be avoided by limiting the size of each partial input (or partial output digest) passed to the queuing functions to less than 2^32 - 200 bytes. Multiple calls to the queuing functions can be chained at a higher level to retain the original functionality. Alternatively, one can process the entire input (or produce the entire output) in a single call, avoiding the queuing functions altogether.
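The following is an added illustration, not XKCP's source and not the content of commit fdc6fef0. It models the failure mode described above (a 32-bit bounds check on the queued length that wraps once the length reaches 2^32 - 200 bytes) beside a hardened check, and implements the workaround of splitting a large buffer into queue calls that each stay below 2^32 - 200 bytes. The function names, the 168-byte rate and the sample lengths are assumptions chosen for the demonstration; the 200-byte Keccak-f[1600] state size is real.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Keccak-f[1600] has a 200-byte state, so the rate (block size) of any
 * sponge built on it is at most 200 bytes and byteIOIndex < rateInBytes. */
#define STATE_BYTES 200u

/* Illustrative vulnerable clamp (assumed shape, modeled on the advisory):
 * the remaining length is truncated to 32 bits and the bounds check adds the
 * current queue offset in 32-bit arithmetic. When remaining is at least
 * 2^32 - byteIOIndex (byteIOIndex <= 200), the sum wraps, the check passes,
 * and a caller that copies partialBlock bytes writes far past the state. */
static unsigned int clamp_partial_block_vulnerable(size_t remaining,
                                                   unsigned int byteIOIndex,
                                                   unsigned int rateInBytes)
{
    unsigned int partialBlock = (unsigned int)remaining;
    if (partialBlock + byteIOIndex > rateInBytes)   /* may wrap mod 2^32 */
        partialBlock = rateInBytes - byteIOIndex;
    return partialBlock;
}

/* Hardened clamp: compare the (untruncated) remaining length against the
 * space left in the current block. rateInBytes - byteIOIndex cannot
 * overflow because byteIOIndex <= rateInBytes, and the result is <= 200. */
static unsigned int clamp_partial_block_fixed(size_t remaining,
                                              unsigned int byteIOIndex,
                                              unsigned int rateInBytes)
{
    size_t space = (size_t)rateInBytes - byteIOIndex;
    return (unsigned int)(remaining < space ? remaining : space);
}

/* Would copying partialBlock bytes at offset byteIOIndex run off the state? */
static int would_overflow_state(unsigned int partialBlock, unsigned int byteIOIndex)
{
    return (size_t)byteIOIndex + partialBlock > STATE_BYTES;
}

/* Workaround from the advisory: never hand the queuing functions a partial
 * length of 2^32 - 200 bytes or more. MAX_QUEUE_CHUNK is 2^32 - 201, the
 * largest length still below the threshold. */
#define MAX_QUEUE_CHUNK ((size_t)0xFFFFFFFFu - 200u)

/* Splits a total length into chunk lengths safe to queue one after another.
 * Returns the number of chunk lengths written; if max_chunks is too small,
 * the remaining bytes are simply not covered (caller must check). */
static size_t split_for_queue(size_t total, size_t *chunks, size_t max_chunks)
{
    size_t n = 0;
    while (total > 0 && n < max_chunks) {
        size_t len = total < MAX_QUEUE_CHUNK ? total : MAX_QUEUE_CHUNK;
        chunks[n++] = len;
        total -= len;
    }
    return n;
}

int main(void)
{
    /* Constructed scenario: 150 bytes already queued into a 168-byte block
     * (SHAKE128 rate), and a partial input of 2^32 - 100 bytes arrives. */
    size_t remaining = (size_t)0xFFFFFF9Cu;
    unsigned int idx = 150, rate = 168;

    unsigned int v = clamp_partial_block_vulnerable(remaining, idx, rate);
    unsigned int f = clamp_partial_block_fixed(remaining, idx, rate);
    printf("vulnerable clamp: %u bytes (overflows state: %d)\n", v, would_overflow_state(v, idx));
    printf("fixed clamp:      %u bytes (overflows state: %d)\n", f, would_overflow_state(f, idx));

    /* Workaround: feed 8 GiB as several queue calls below the threshold. */
    size_t chunks[8];
    size_t n = split_for_queue((size_t)1 << 33, chunks, 8);
    for (size_t i = 0; i < n; i++)
        printf("chunk %zu: %zu bytes\n", i, chunks[i]);
    return 0;
}
```

With the constructed inputs, the vulnerable check computes 0xFFFFFF9C + 150, which wraps to 50 in 32 bits, so it never clamps and returns a length that would write billions of bytes past the 200-byte state; the hardened check returns the 18 bytes actually left in the block. The chunking helper assumes a 64-bit size_t for the 8 GiB input.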
See issue #105 for more details.
{ "nvd_published_at": "2022-10-21T06:15:00Z", "cwe_ids": [ "CWE-190" ], "severity": "CRITICAL", "github_reviewed": true, "github_reviewed_at": "2023-04-26T17:39:58Z" }