Safety vulnerability ID: 51647
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Python 3.7.16, 3.8.16, 3.9.16 and 3.10.9 include a fix for CVE-2022-37454: Buffer overflow in the _sha3 module.
https://python-security.readthedocs.io/vuln/sha3-buffer-overflow.html
Latest version: 0.9.8
The Keccak XKCP SHA-3 reference implementation before commit fdc6fef has an integer overflow and a resulting buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. The bug is in the sponge function interface, in the absorb step that queues a partially filled block: when the state already holds part of a block and a further update is close to 2^32 bytes long, a 32-bit length computation wraps, the bound check is bypassed, and input is XORed past the end of the 200-byte Keccak state. CPython's _sha3 module vendors this code, so the fix applies to hashlib's sha3_* and shake_* hashes. See CVE-2022-37454.
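The arithmetic behind the overflow, as an added example that is not XKCP's or CPython's own code: the two functions below mirror the partial-block length computation in XKCP's SpongeAbsorb before and after commit fdc6fef, as described in the cited write-up; the function names, the state-bound helper and the printed summary are this page's additions and are assumed, not taken from the project. The trigger is the one from that write-up: one update of 1 byte followed by one of 4294967295 bytes against SHA3-224, whose rate is 1152 bits (144 bytes). Only the length computation is modelled, so the example runs safely without touching 4 GB of input.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Keccak-f[1600] state size; SHA3-224 absorbs 1152-bit (144-byte) blocks. */
#define KECCAK_STATE_BYTES 200u
#define SHA3_224_RATE_BYTES 144u

/*
 * How many bytes of the pending input the absorb loop will XOR into the state
 * at offset byteIOIndex (the fill level of the current block).
 *
 * remaining   = bytes of this update() call not yet absorbed (size_t in XKCP)
 * byteIOIndex = bytes already queued in the current block, 0 <= idx < rate
 * rateInBytes = block size of the instance (144 for SHA3-224)
 *
 * Function names below are added for this example; they are not XKCP symbols.
 */

/* Pre-fdc6fef logic: 'remaining' is narrowed to 32 bits, then added to
 * byteIOIndex in 32-bit arithmetic. If that sum wraps, the bound check passes
 * and the unclamped length is used for the write into the 200-byte state. */
static unsigned int partial_block_vulnerable(size_t remaining,
                                             unsigned int byteIOIndex,
                                             unsigned int rateInBytes)
{
    unsigned int partialBlock = (unsigned int)remaining;
    if (partialBlock + byteIOIndex > rateInBytes)   /* 0xFFFFFFFF + 1 wraps to 0 */
        partialBlock = rateInBytes - byteIOIndex;
    return partialBlock;
}

/* Post-fdc6fef logic: compare in size_t against the free space in the block
 * first, so the narrowed value can never exceed rateInBytes - byteIOIndex. */
static unsigned int partial_block_fixed(size_t remaining,
                                        unsigned int byteIOIndex,
                                        unsigned int rateInBytes)
{
    unsigned int partialBlock;
    if (remaining > rateInBytes - byteIOIndex)
        partialBlock = rateInBytes - byteIOIndex;
    else
        partialBlock = (unsigned int)remaining;
    return partialBlock;
}

/* Added helper: would XORing 'len' bytes at 'offset' run past the state? */
static int write_overflows_state(unsigned int offset, unsigned int len)
{
    return (uint64_t)offset + (uint64_t)len > KECCAK_STATE_BYTES;
}

int main(void)
{
    /* Trigger from the cited write-up: update() with 1 byte, then with
     * 4294967295 bytes. After the first call one byte is queued, so
     * byteIOIndex == 1 when the second call reaches the partial-block path. */
    unsigned int byteIOIndex = 1;
    size_t remaining = 0xFFFFFFFFu;  /* 2^32 - 1, the second update's length */

    unsigned int v = partial_block_vulnerable(remaining, byteIOIndex, SHA3_224_RATE_BYTES);
    unsigned int f = partial_block_fixed(remaining, byteIOIndex, SHA3_224_RATE_BYTES);

    printf("vulnerable: partialBlock=%u (0x%x), overflows 200-byte state: %s\n",
           v, v, write_overflows_state(byteIOIndex, v) ? "yes" : "no");
    printf("fixed:      partialBlock=%u, overflows 200-byte state: %s\n",
           f, write_overflows_state(byteIOIndex, f) ? "yes" : "no");
    return 0;
}
```

The vulnerable path returns 4294967295 as the chunk length, so the subsequent XOR into the state starts at offset 1 and runs far past 200 bytes; the fixed path clamps it to the 143 bytes of free space in the block. Reproducing this against a real interpreter needs about 4 GB of input, so in practice the check is that the running Python is at or above the fixed versions listed above, and that any separately installed pysha3 build (see DLA 3174-1) is patched as well, since it vendors the same XKCP code.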
FEDORA-2022-f2a5082860: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CMIEXLMTW5GO36HTFFWIPB3OHZXCT3G4/
NIST SHA-3 project: https://csrc.nist.gov/projects/hash-functions/sha-3-project
XKCP advisory GHSA-6w4m-2xhg-2658: https://github.com/XKCP/XKCP/security/advisories/GHSA-6w4m-2xhg-2658
Write-up of the bug: https://mouha.be/sha-3-buffer-overflow/
Hacker News discussion: https://news.ycombinator.com/item?id=33281106
[debian-lts-announce] 2022-10-31 [SECURITY] [DLA 3174-1] pysha3 security update: https://lists.debian.org/debian-lts-announce/2022/10/msg00041.html
[debian-lts-announce] 2022-11-01 [SECURITY] [DLA 3175-1] python3.7 security update: https://lists.debian.org/debian-lts-announce/2022/11/msg00000.html