CVE-2022-37454

XKCP: buffer overflow in the SHA-3 reference implementation

Severity Score: 9.8 (CVSS v3.1)
Exploit Likelihood (EPSS):
Affected Versions (CPE):
Public Exploits: 1 (multiple sources)
Exploited in Wild: - (KEV)
Decision: - (SSVC)

Descriptions

The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface.

The Keccak XKCP SHA-3 reference implementation in versions before fdc6fef has an integer overflow and a resulting buffer overflow that allows attackers to execute arbitrary code or eliminate the expected cryptographic properties. This occurs in the sponge function interface.

A flaw was found in the Keccak XKCP SHA-3 reference implementation. The sponge function interface allows partial input data to be processed, and partial output to be produced. When at least one of these has a length of 4294967096 bytes or more, it can result in elimination of cryptographic properties, execution of arbitrary code, or a denial of service.

*Credits: N/A
CVSS Scores

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2022-08-07 CVE Reserved
  • 2022-10-21 CVE Published
  • 2024-08-03 CVE Updated
  • 2024-08-03 First Exploit
  • 2024-08-09 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-190: Integer Overflow or Wraparound
  • CWE-680: Integer Overflow to Buffer Overflow
CAPEC
Affected Vendors, Products, and Versions

Vendor                                 Product                        Version               Other   Status
Extended Keccak Code Package Project   Extended Keccak Code Package   --                            Affected
Debian                                 Debian Linux                   10.0                  -       Affected
Debian                                 Debian Linux                   11.0                  -       Affected
Fedoraproject                          Fedora                         35                    -       Affected
Fedoraproject                          Fedora                         36                    -       Affected
Php                                    Php                            >= 7.2.0 < 7.4.33     -       Affected
Php                                    Php                            >= 8.0.0 < 8.0.25     -       Affected
Php                                    Php                            >= 8.1.0 < 8.1.12     -       Affected
Python                                 Python                         >= 3.6.0 < 3.7.16     -       Affected
Python                                 Python                         >= 3.8.0 < 3.8.16     -       Affected
Python                                 Python                         >= 3.9.0 < 3.9.16     -       Affected
Python                                 Python                         >= 3.10.0 < 3.10.9    -       Affected
Sha3 Project                           Sha3                           < 1.0.5               ruby    Affected
Pysha3 Project                         Pysha3                         *-                            Affected
Pypy                                   Pypy                           >= 7.0.0              -       Affected