GHSA-6w4m-2xhg-2658

Suggest an improvement
Source
https://github.com/advisories/GHSA-6w4m-2xhg-2658
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/04/GHSA-6w4m-2xhg-2658/GHSA-6w4m-2xhg-2658.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-6w4m-2xhg-2658
Aliases
Published
2023-04-26T17:39:58Z
Modified
2024-03-13T05:38:16.135732Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
Buffer overflow in sponge queue functions
Details

Impact

The Keccak sponge function interface accepts partial inputs to be absorbed and partial outputs to be squeezed. A buffer can overflow when partial data with some specific sizes are queued, where at least one of them has a length of 2^32 - 200 bytes or more.

Patches

Yes, see commit fdc6fef0.

Workarounds

The problem can be avoided by limiting the size of the partial input data (or partial output digest) below 2^32 - 200 bytes. Multiple calls to the queue system can be chained at a higher level to retain the original functionality. Alternatively, one can process the entire input (or produce the entire output) at once, avoiding the queuing functions altogether.

References

See issue #105 for more details.

Database specific
{
    "nvd_published_at": "2022-10-21T06:15:00Z",
    "cwe_ids": [
        "CWE-190"
    ],
    "severity": "CRITICAL",
    "github_reviewed": true,
    "github_reviewed_at": "2023-04-26T17:39:58Z"
}
References

Affected packages

PyPI / pysha3

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Last affected
1.0.2

Affected versions

0.*

0.1
0.2
0.2.1
0.2.2
0.3

1.*

1.0b1
1.0.0
1.0.1
1.0.2.dev1
1.0.2

RubyGems / sha3

Package

Name
sha3
Purl
pkg:gem/sha3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.0.5

Affected versions

0.*

0.1.0
0.1.1
0.2.0
0.2.2
0.2.3
0.2.5
0.2.6

1.*

1.0.1
1.0.2
1.0.3
1.0.4