{"id":"CVE-2022-37454","details":"The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface.","aliases":["BIT-libphp-2022-37454","BIT-libpython-2022-37454","BIT-php-2022-37454","BIT-php-min-2022-37454","BIT-python-2022-37454","BIT-python-min-2022-37454","GHSA-6w4m-2xhg-2658","PSF-2022-11"],"modified":"2026-05-15T11:54:26.809583751Z","published":"2022-10-21T00:00:00Z","related":["ALSA-2023:0848","ALSA-2023:0965","ALSA-2023:2417","ALSA-2023:2903","CGA-22cq-x9cj-9w2f","SUSE-SU-2022:3924-1","SUSE-SU-2022:3997-1","SUSE-SU-2022:4005-1","SUSE-SU-2022:4067-1","SUSE-SU-2022:4068-1","SUSE-SU-2022:4069-1","SUSE-SU-2022:4274-1","SUSE-SU-2022:4281-1","SUSE-SU-2023:0707-1","SUSE-SU-2023:0748-1","openSUSE-SU-2024:12461-1","openSUSE-SU-2024:12476-1","openSUSE-SU-2024:12559-1","openSUSE-SU-2024:12563-1"],"database_specific":{"unresolved_ranges":[{"extracted_events":[{"fixed":"fdc6fef"}],"source":"DESCRIPTION"}],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/37xxx/CVE-2022-37454.json","cna_assigner":"mitre"},"references":[{"type":"WEB","url":"https://csrc.nist.gov/projects/hash-functions/sha-3-project"},{"type":"WEB","url":"https://eprint.iacr.org/2023/331"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2022/10/msg00041.html"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2022/11/msg00000.html"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ALQ6BDDPX5HU5YBQOBMDVAA2TSGDKIJ/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMIEXLMTW5GO36HTFFWIPB3OHZXCT3G4/"},{"type":"WEB","url":"https://mouha.be/sha-3-buffer-overflow/"},{"type":"WEB","url":"https://news.ycombinator.com/item?id=33281106"},{"type":"WEB","url":"https://news.ycombinator.com/item?id=35050307"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/37xxx/CVE-2022-37454.json"},{"type":"ADVISORY","url":"https://github.com/XKCP/XKCP/security/advisories/GHSA-6w4m-2xhg-2658"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-37454"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202305-02"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20230203-0001/"},{"type":"ADVISORY","url":"https://www.debian.org/security/2022/dsa-5267"},{"type":"ADVISORY","url":"https://www.debian.org/security/2022/dsa-5269"}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}