{"id":"CVE-2022-37454","details":"The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface.","aliases":["BIT-libphp-2022-37454","BIT-libpython-2022-37454","BIT-php-2022-37454","BIT-php-min-2022-37454","BIT-python-2022-37454","BIT-python-min-2022-37454","GHSA-6w4m-2xhg-2658","PSF-2022-11"],"modified":"2026-04-10T04:49:54.297630Z","published":"2022-10-21T06:15:09.333Z","related":["ALSA-2023:0848","ALSA-2023:0965","ALSA-2023:2417","ALSA-2023:2903","CGA-22cq-x9cj-9w2f","GHSA-6w4m-2xhg-2658","SUSE-SU-2022:3924-1","SUSE-SU-2022:3997-1","SUSE-SU-2022:4005-1","SUSE-SU-2022:4067-1","SUSE-SU-2022:4068-1","SUSE-SU-2022:4069-1","SUSE-SU-2022:4274-1","SUSE-SU-2022:4281-1","SUSE-SU-2023:0707-1","SUSE-SU-2023:0748-1","openSUSE-SU-2024:12461-1","openSUSE-SU-2024:12476-1","openSUSE-SU-2024:12559-1","openSUSE-SU-2024:12563-1"],"references":[{"type":"WEB","url":"https://news.ycombinator.com/item?id=35050307"},{"type":"WEB","url":"https://eprint.iacr.org/2023/331"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2022/11/msg00000.html"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202305-02"},{"type":"ADVISORY","url":"https://www.debian.org/security/2022/dsa-5269"},{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ALQ6BDDPX5HU5YBQOBMDVAA2TSGDKIJ/"},{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMIEXLMTW5GO36HTFFWIPB3OHZXCT3G4/"},{"type":"ADVISORY","url":"https://www.debian.org/security/2022/dsa-5267"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20230203-0001/"},{"type":"ADVISORY","url":"https://csrc.nist.gov/projects/hash-functions/sha-3-project"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2022/10/msg00041.html"},{"type":"REPORT","url":"https://news.ycombinator.com/item?id=33281106"},{"type":"FIX","url":"https://github.com/XKCP/XKCP/security/advisories/GHSA-6w4m-2xhg-2658"},{"type":"EVIDENCE","url":"https://mouha.be/sha-3-buffer-overflow/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/php/php-src","events":[{"introduced":"8148cbb78841c8ec0759c0836e7f35dec799d300"},{"fixed":"dca8d5565b947270a29f232bc54efd9df3b92b94"},{"introduced":"5dc92c2117cafc61daaaaa240fd46c3ac33872a4"},{"fixed":"145b4e6e2f319a92cd5bc27f426bcbec2dd0add9"},{"introduced":"381ba9f5d0edd0c9c8ec1dea7e21d513ad08b115"},{"fixed":"b91e67524dfc9ade4cbf5c0fe997677aea7b33c1"}],"database_specific":{"versions":[{"introduced":"7.2.0"},{"fixed":"7.4.33"},{"introduced":"8.0.0"},{"fixed":"8.0.25"},{"introduced":"8.1.0"},{"fixed":"8.1.12"}]}},{"type":"GIT","repo":"https://github.com/python/cpython","events":[{"introduced":"5c4568a05a0a62b5947c55f68f9f2ecfb90a4f12"},{"fixed":"3f82aa744678620a811927dc4e56ad9c7c3d0c14"},{"introduced":"fa919fdf2583bdfead1df00e842f24f30b2a34bf"},{"fixed":"1e3d2d52109c9d82ba307116e912d16bb4b0dbb7"},{"introduced":"9cf6752276e6fcfd0c23fdb064ad27f448aaaf75"},{"fixed":"595f9ccb0c059f2fb5bf13643bfc0cdd5b55a422"},{"introduced":"b494f5935c92951e75597bfe1c8b1f3112fec270"},{"fixed":"1dd9be6584413fbfa823f37a224f101b819505d1"}],"database_specific":{"versions":[{"introduced":"3.6.0"},{"fixed":"3.7.16"},{"introduced":"3.8.0"},{"fixed":"3.8.16"},{"introduced":"3.9.0"},{"fixed":"3.9.16"},{"introduced":"3.10.0"},{"fixed":"3.10.9"}]}}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-37454.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"10.0"}]},{"events":[{"introduced":"0"},{"last_affected":"11.0"}]},{"events":[{"introduced":"0"},{"last_affected":"35"}]},{"events":[{"introduced":"0"},{"last_affected":"36"}]},{"events":[{"introduced":"0"},{"fixed":"1.0.5"}]},{"events":[{"introduced":"7.0.0"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}