CVE-2022-37454

Updated: 2023-11-28 01:47:51.222083

Description:

The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface.


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x 0
CVSS Version 3.x CRITICAL 9.8

Status

OS name Project name Version Score Severity Status Errata Last updated
AlmaLinux 9.2 ESU python3 3.9.16 9.8 CRITICAL Already Fixed 2023-11-13 13:07:23
CentOS 6 ELS php 5.3.3 9.8 CRITICAL Not Vulnerable 2022-11-07 16:02:37
CentOS 7 ELS php 5.4.16 9.8 CRITICAL Not Vulnerable 2024-01-22 08:40:42
CentOS 7 ELS python3 3.6.8 9.8 CRITICAL Not Vulnerable 2023-09-19 09:30:16
CentOS 8.4 ELS php 7.4.6 9.8 CRITICAL Released CLSA-2022:1668467919 2022-11-14 20:26:24
CentOS 8.4 ELS python2 2.7.18 9.8 CRITICAL Not Vulnerable 2023-12-01 04:08:34
CentOS 8.4 ELS python3 3.6.8 9.8 CRITICAL Not Vulnerable 2023-05-18 03:29:10
CentOS 8.5 ELS php 7.4.19 9.8 CRITICAL Released CLSA-2022:1668468696 2022-11-14 20:26:24
CentOS 8.5 ELS python3 3.6.8 9.8 CRITICAL Not Vulnerable 2023-05-18 03:29:10
CentOS 8.5 ELS python2 2.7.18 9.8 CRITICAL Not Vulnerable 2023-12-01 04:08:34
Total: 16