CVE-2022-37454 – XKCP: buffer overflow in the SHA-3 reference implementation

https://notcve.org/view.php?id=CVE-2022-37454

21 Oct 2022 — The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface. La implementación de referencia de Keccak XKCP SHA-3 versiones anteriores a fdc6fef, presenta un desbordamiento de enteros y un desbordamiento de búfer resultante que permite a atacantes ejecutar código arbitrario o eliminar las propiedades criptográfica... • https://csrc.nist.gov/projects/hash-functions/sha-3-project • CWE-190: Integer Overflow or Wraparound CWE-680: Integer Overflow to Buffer Overflow •