{"api_version":"1","generated_at":"2026-04-22T23:09:09+00:00","cve":"CVE-2022-37454","urls":{"html":"https://cve.report/CVE-2022-37454","api":"https://cve.report/api/cve/CVE-2022-37454.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2022-37454","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2022-37454"},"summary":{"title":"CVE-2022-37454","description":"The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2022-10-21 06:15:00","updated_at":"2023-05-03 11:15:00"},"problem_types":["CWE-190"],"metrics":[],"references":[{"url":"https://mouha.be/sha-3-buffer-overflow/","name":"https://mouha.be/sha-3-buffer-overflow/","refsource":"MISC","tags":[],"title":"SHA-3 Buffer Overflow – Nicky Mouha","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.debian.org/debian-lts-announce/2022/11/msg00000.html","name":"[debian-lts-announce] 20221101 [SECURITY] [DLA 3175-1] python3.7 security update","refsource":"MLIST","tags":[],"title":"[SECURITY] [DLA 3175-1] python3.7 security update","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.debian.org/security/2022/dsa-5267","name":"DSA-5267","refsource":"DEBIAN","tags":[],"title":"Debian -- Security Information -- DSA-5267-1 pysha3","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ALQ6BDDPX5HU5YBQOBMDVAA2TSGDKIJ/","name":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ALQ6BDDPX5HU5YBQOBMDVAA2TSGDKIJ/","refsource":"MISC","tags":[],"title":"[SECURITY] Fedora 36 Update: php-8.1.12-1.fc36 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://news.ycombinator.com/item?id=33281106","name":"https://news.ycombinator.com/item?id=33281106","refsource":"MISC","tags":[],"title":"SHA-3 Buffer Overflow | Hacker News","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://eprint.iacr.org/2023/331","name":"https://eprint.iacr.org/2023/331","refsource":"MISC","tags":[],"title":"A Vulnerability in Implementations of SHA-3, SHAKE, EdDSA, and Other NIST-Approved Algorithm","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://github.com/XKCP/XKCP/security/advisories/GHSA-6w4m-2xhg-2658","name":"https://github.com/XKCP/XKCP/security/advisories/GHSA-6w4m-2xhg-2658","refsource":"MISC","tags":[],"title":"Buffer overflow in sponge queue functions · Advisory · XKCP/XKCP · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.debian.org/debian-lts-announce/2022/10/msg00041.html","name":"[debian-lts-announce] 20221031 [SECURITY] [DLA 3174-1] pysha3 security update","refsource":"MLIST","tags":[],"title":"[SECURITY] [DLA 3174-1] pysha3 security update","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://news.ycombinator.com/item?id=35050307","name":"https://news.ycombinator.com/item?id=35050307","refsource":"MISC","tags":[],"title":"A Vulnerability in Implementations of SHA-3, Shake, EdDSA | Hacker News","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3ALQ6BDDPX5HU5YBQOBMDVAA2TSGDKIJ/","name":"FEDORA-2022-1ecc10276e","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 36 Update: php-8.1.12-1.fc36 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.debian.org/security/2022/dsa-5269","name":"DSA-5269","refsource":"DEBIAN","tags":[],"title":"Debian -- Security Information -- DSA-5269-1 pypy3","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CMIEXLMTW5GO36HTFFWIPB3OHZXCT3G4/","name":"FEDORA-2022-f2a5082860","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 35 Update: php-8.0.25-1.fc35 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMIEXLMTW5GO36HTFFWIPB3OHZXCT3G4/","name":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMIEXLMTW5GO36HTFFWIPB3OHZXCT3G4/","refsource":"MISC","tags":[],"title":"[SECURITY] Fedora 35 Update: php-8.0.25-1.fc35 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://security.gentoo.org/glsa/202305-02","name":"https://security.gentoo.org/glsa/202305-02","refsource":"MISC","tags":[],"title":"Python, PyPy3: Multiple Vulnerabilities (GLSA 202305-02) — Gentoo security","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://csrc.nist.gov/projects/hash-functions/sha-3-project","name":"https://csrc.nist.gov/projects/hash-functions/sha-3-project","refsource":"MISC","tags":[],"title":"Hash Functions | CSRC","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2022-37454","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-37454","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2022","cve_id":"37454","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"10.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"37454","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"11.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"37454","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"extended_keccak_code_package_project","cpe5":"extended_keccak_code_package","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"37454","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"35","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"37454","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"36","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"37454","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"php","cpe5":"php","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"37454","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"pypy","cpe5":"pypy","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"37454","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"pysha3_project","cpe5":"pysha3","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"37454","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"python","cpe5":"python","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"37454","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sha3_project","cpe5":"sha3","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"ruby","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2022-37454","qid":"150663","title":"PHP Buffer Overflow Vulnerability (CVE-2022-37454)"},{"cve":"CVE-2022-37454","qid":"160478","title":"Oracle Enterprise Linux Security Update for php:8.0 (ELSA-2023-0848)"},{"cve":"CVE-2022-37454","qid":"160486","title":"Oracle Enterprise Linux Security Update for Hypertext Preprocessor (PHP) (ELSA-2023-0965)"},{"cve":"CVE-2022-37454","qid":"160592","title":"Oracle Enterprise Linux Security Update for 8.1 (ELSA-2023-2417)"},{"cve":"CVE-2022-37454","qid":"160672","title":"Oracle Enterprise Linux Security Update for php:7.4 (ELSA-2023-2903)"},{"cve":"CVE-2022-37454","qid":"181181","title":"Debian Security Update for pysha3 (DSA 5267-1)"},{"cve":"CVE-2022-37454","qid":"181182","title":"Debian Security Update for pysha3 (DLA 3174-1)"},{"cve":"CVE-2022-37454","qid":"181183","title":"Debian Security Update for python3.7 (DLA 3175-1)"},{"cve":"CVE-2022-37454","qid":"181185","title":"Debian Security Update for pypy3 (DSA 5269-1)"},{"cve":"CVE-2022-37454","qid":"181210","title":"Debian Security Update for php7.4 (DSA 5277-1)"},{"cve":"CVE-2022-37454","qid":"181332","title":"Debian Security Update for php7.3 (DLA 3243-1)"},{"cve":"CVE-2022-37454","qid":"183958","title":"Debian Security Update for pypy3 (CVE-2022-37454)"},{"cve":"CVE-2022-37454","qid":"199021","title":"Ubuntu Security Notification for Hypertext Preprocessor (PHP) Vulnerabilities (USN-5717-1)"},{"cve":"CVE-2022-37454","qid":"199068","title":"Ubuntu Security Notification for Python Vulnerabilities (USN-5767-1)"},{"cve":"CVE-2022-37454","qid":"199219","title":"Ubuntu Security Notification for Python Vulnerability (USN-5767-3)"},{"cve":"CVE-2022-37454","qid":"199497","title":"Ubuntu Security Notification for Python Vulnerabilities (USN-5888-1)"},{"cve":"CVE-2022-37454","qid":"199505","title":"Ubuntu Security Notification for Python Vulnerability (USN-5931-1)"},{"cve":"CVE-2022-37454","qid":"199536","title":"Ubuntu Security Notification for Python Vulnerability (USN-5930-1)"},{"cve":"CVE-2022-37454","qid":"199962","title":"Ubuntu Security Notification for pysha3 Vulnerability (USN-6525-1)"},{"cve":"CVE-2022-37454","qid":"199968","title":"Ubuntu Security Notification for PyPy Vulnerability (USN-6524-1)"},{"cve":"CVE-2022-37454","qid":"20342","title":"Oracle Database 21c Critical Patch Update - April 2023"},{"cve":"CVE-2022-37454","qid":"241205","title":"Red Hat Update for php:8.0 (RHSA-2023:0848)"},{"cve":"CVE-2022-37454","qid":"241219","title":"Red Hat Update for Hypertext Preprocessor (PHP) (RHSA-2023:0965)"},{"cve":"CVE-2022-37454","qid":"241447","title":"Red Hat Update for php:8.1 (RHSA-2023:2417)"},{"cve":"CVE-2022-37454","qid":"241540","title":"Red Hat Update for php:7.4 (RHSA-2023:2903)"},{"cve":"CVE-2022-37454","qid":"283268","title":"Fedora Security Update for Hypertext Preprocessor (PHP) (FEDORA-2022-f2a5082860)"},{"cve":"CVE-2022-37454","qid":"283279","title":"Fedora Security Update for Hypertext Preprocessor (PHP) (FEDORA-2022-1ecc10276e)"},{"cve":"CVE-2022-37454","qid":"283330","title":"Fedora Security Update for python3.6 (FEDORA-2022-004b185fa4)"},{"cve":"CVE-2022-37454","qid":"283331","title":"Fedora Security Update for python3.6 (FEDORA-2022-104076b1d8)"},{"cve":"CVE-2022-37454","qid":"283336","title":"Fedora Security Update for python3.8 (FEDORA-2022-7798bf3aa3)"},{"cve":"CVE-2022-37454","qid":"283343","title":"Fedora Security Update for python3.7 (FEDORA-2022-385d2ea041)"},{"cve":"CVE-2022-37454","qid":"283344","title":"Fedora Security Update for python3.8 (FEDORA-2022-5fd3e7f635)"},{"cve":"CVE-2022-37454","qid":"283345","title":"Fedora Security Update for python3.7 (FEDORA-2022-760d1eac9b)"},{"cve":"CVE-2022-37454","qid":"283418","title":"Fedora Security Update for python3.7 (FEDORA-2022-4f547d1cc6)"},{"cve":"CVE-2022-37454","qid":"283419","title":"Fedora Security Update for python3.8 (FEDORA-2022-cb47d98a05)"},{"cve":"CVE-2022-37454","qid":"283426","title":"Fedora Security Update for python3.6 (FEDORA-2022-cae8089f93)"},{"cve":"CVE-2022-37454","qid":"283450","title":"Fedora Security Update for Hypertext Preprocessor (PHP) (FEDORA-2022-f204e1d0ed)"},{"cve":"CVE-2022-37454","qid":"283597","title":"Fedora Security Update for pypy3.8 (FEDORA-2023-78b4ce2f23)"},{"cve":"CVE-2022-37454","qid":"283600","title":"Fedora Security Update for pypy3.9 (FEDORA-2023-af5206f71d)"},{"cve":"CVE-2022-37454","qid":"283601","title":"Fedora Security Update for pypy3.8 (FEDORA-2023-943556a733)"},{"cve":"CVE-2022-37454","qid":"283604","title":"Fedora Security Update for pypy3.9 (FEDORA-2023-097dd40685)"},{"cve":"CVE-2022-37454","qid":"283797","title":"Fedora Security Update for pypy3.7 (FEDORA-2023-930077c742)"},{"cve":"CVE-2022-37454","qid":"284294","title":"Fedora Security Update for python3.7 (FEDORA-2022-792bd23738)"},{"cve":"CVE-2022-37454","qid":"284295","title":"Fedora Security Update for python3.8 (FEDORA-2022-eda83be115)"},{"cve":"CVE-2022-37454","qid":"284296","title":"Fedora Security Update for python3.6 (FEDORA-2022-17bc21cf38)"},{"cve":"CVE-2022-37454","qid":"296098","title":"Oracle Solaris 11.4 Support Repository Update (SRU) 52.132.2 Missing (CPUOCT2022)"},{"cve":"CVE-2022-37454","qid":"354125","title":"Amazon Linux Security Advisory for python3 : ALAS2-2022-1897"},{"cve":"CVE-2022-37454","qid":"354247","title":"Amazon Linux Security Advisory for python38 : ALAS-2022-1651"},{"cve":"CVE-2022-37454","qid":"354258","title":"Amazon Linux Security Advisory for python36 : ALAS-2022-1652"},{"cve":"CVE-2022-37454","qid":"354414","title":"Amazon Linux Security Advisory for php8.1 : ALAS2022-2022-243"},{"cve":"CVE-2022-37454","qid":"354548","title":"Amazon Linux Security Advisory for php8.1 : ALAS-2022-243"},{"cve":"CVE-2022-37454","qid":"355222","title":"Amazon Linux Security Advisory for php8.1 : ALAS2023-2023-081"},{"cve":"CVE-2022-37454","qid":"356067","title":"Amazon Linux Security Advisory for Hypertext Preprocessor (PHP) : ALASPHP8.1-2023-001"},{"cve":"CVE-2022-37454","qid":"356071","title":"Amazon Linux Security Advisory for Hypertext Preprocessor (PHP) : ALASPHP8.0-2023-004"},{"cve":"CVE-2022-37454","qid":"356079","title":"Amazon Linux Security Advisory for Hypertext Preprocessor (PHP) : ALASPHP8.1-2023-001"},{"cve":"CVE-2022-37454","qid":"356091","title":"Amazon Linux Security Advisory for Hypertext Preprocessor (PHP) : ALAS2PHP8.0-2023-004"},{"cve":"CVE-2022-37454","qid":"356253","title":"Amazon Linux Security Advisory for python38 : ALASPYTHON3.8-2023-004"},{"cve":"CVE-2022-37454","qid":"356490","title":"Amazon Linux Security Advisory for python38 : ALAS2PYTHON3.8-2023-004"},{"cve":"CVE-2022-37454","qid":"378747","title":"Alibaba Cloud Linux Security Update for php:7.4 (ALINUX3-SA-2023:0088)"},{"cve":"CVE-2022-37454","qid":"38880","title":"Hypertext Preprocessor (PHP) Multiple Security Vulnerabilities (81738, 81739)"},{"cve":"CVE-2022-37454","qid":"502574","title":"Alpine Linux Security Update for php8"},{"cve":"CVE-2022-37454","qid":"502576","title":"Alpine Linux Security Update for php8"},{"cve":"CVE-2022-37454","qid":"502577","title":"Alpine Linux Security Update for php81"},{"cve":"CVE-2022-37454","qid":"502593","title":"Alpine Linux Security Update for php7"},{"cve":"CVE-2022-37454","qid":"502608","title":"Alpine Linux Security Update for python3"},{"cve":"CVE-2022-37454","qid":"503213","title":"Alpine Linux Security Update for php82"},{"cve":"CVE-2022-37454","qid":"503679","title":"Alpine Linux Security Update for php7"},{"cve":"CVE-2022-37454","qid":"504338","title":"Alpine Linux Security Update for python3"},{"cve":"CVE-2022-37454","qid":"505229","title":"Alpine Linux Security Update for php81"},{"cve":"CVE-2022-37454","qid":"506153","title":"Alpine Linux Security Update for php82"},{"cve":"CVE-2022-37454","qid":"672594","title":"EulerOS Security Update for python3 (EulerOS-SA-2023-1334)"},{"cve":"CVE-2022-37454","qid":"672601","title":"EulerOS Security Update for Hypertext Preprocessor (PHP) (EulerOS-SA-2023-1332)"},{"cve":"CVE-2022-37454","qid":"672618","title":"EulerOS Security Update for python3 (EulerOS-SA-2023-1368)"},{"cve":"CVE-2022-37454","qid":"672659","title":"EulerOS Security Update for python3 (EulerOS-SA-2023-1396)"},{"cve":"CVE-2022-37454","qid":"672704","title":"EulerOS Security Update for python3 (EulerOS-SA-2023-1455)"},{"cve":"CVE-2022-37454","qid":"672783","title":"EulerOS Security Update for python3 (EulerOS-SA-2023-1480)"},{"cve":"CVE-2022-37454","qid":"710684","title":"Gentoo Linux Hypertext Preprocessor (PHP) Multiple Vulnerabilities (GLSA 202211-03)"},{"cve":"CVE-2022-37454","qid":"710714","title":"Gentoo Linux Python, PyPy3 Multiple Vulnerabilities (GLSA 202305-02)"},{"cve":"CVE-2022-37454","qid":"752779","title":"SUSE Enterprise Linux Security Update for python3 (SUSE-SU-2022:3924-1)"},{"cve":"CVE-2022-37454","qid":"752863","title":"SUSE Enterprise Linux Security Update for php7 (SUSE-SU-2022:3997-1)"},{"cve":"CVE-2022-37454","qid":"752878","title":"SUSE Enterprise Linux Security Update for php7 (SUSE-SU-2022:4067-1)"},{"cve":"CVE-2022-37454","qid":"752898","title":"SUSE Enterprise Linux Security Update for php7 (SUSE-SU-2022:4069-1)"},{"cve":"CVE-2022-37454","qid":"752901","title":"SUSE Enterprise Linux Security Update for php74 (SUSE-SU-2022:4068-1)"},{"cve":"CVE-2022-37454","qid":"752927","title":"SUSE Enterprise Linux Security Update for php8 (SUSE-SU-2022:4005-1)"},{"cve":"CVE-2022-37454","qid":"752940","title":"SUSE Enterprise Linux Security Update for python3 (SUSE-SU-2022:4274-1)"},{"cve":"CVE-2022-37454","qid":"752957","title":"SUSE Enterprise Linux Security Update for python3 (SUSE-SU-2022:4281-1)"},{"cve":"CVE-2022-37454","qid":"753766","title":"SUSE Enterprise Linux Security Update for python39 (SUSE-SU-2023:0707-1)"},{"cve":"CVE-2022-37454","qid":"904576","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for python3 (11507)"},{"cve":"CVE-2022-37454","qid":"904579","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for python3 (11503)"},{"cve":"CVE-2022-37454","qid":"904585","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for Hypertext Preprocessor (PHP) (11501)"},{"cve":"CVE-2022-37454","qid":"904634","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for Hypertext Preprocessor (PHP) (11501-1)"},{"cve":"CVE-2022-37454","qid":"904721","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for python3 (11503-1)"},{"cve":"CVE-2022-37454","qid":"904739","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for python3 (11507-1)"},{"cve":"CVE-2022-37454","qid":"940930","title":"AlmaLinux Security Update for php:8.0 (ALSA-2023:0848)"},{"cve":"CVE-2022-37454","qid":"940947","title":"AlmaLinux Security Update for Hypertext Preprocessor (PHP) (ALSA-2023:0965)"},{"cve":"CVE-2022-37454","qid":"941025","title":"AlmaLinux Security Update for php:8.1 (ALSA-2023:2417)"},{"cve":"CVE-2022-37454","qid":"941091","title":"AlmaLinux Security Update for php:7.4 (ALSA-2023:2903)"},{"cve":"CVE-2022-37454","qid":"960657","title":"Rocky Linux Security Update for php:8.0 (RLSA-2023:0848)"},{"cve":"CVE-2022-37454","qid":"960904","title":"Rocky Linux Security Update for Hypertext Preprocessor (PHP) (RLSA-2023:0965)"}]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2022-37454","ASSIGNER":"cve@mitre.org","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"not down converted","x_cve_json_5_version_data":{"versions":[{"version":"n/a","status":"unknown"}]}}]}}]}}]}},"references":{"reference_data":[{"url":"https://csrc.nist.gov/projects/hash-functions/sha-3-project","refsource":"MISC","name":"https://csrc.nist.gov/projects/hash-functions/sha-3-project"},{"url":"https://mouha.be/sha-3-buffer-overflow/","refsource":"MISC","name":"https://mouha.be/sha-3-buffer-overflow/"},{"url":"https://news.ycombinator.com/item?id=33281106","refsource":"MISC","name":"https://news.ycombinator.com/item?id=33281106"},{"url":"https://github.com/XKCP/XKCP/security/advisories/GHSA-6w4m-2xhg-2658","refsource":"MISC","name":"https://github.com/XKCP/XKCP/security/advisories/GHSA-6w4m-2xhg-2658"},{"url":"https://lists.debian.org/debian-lts-announce/2022/10/msg00041.html","refsource":"MISC","name":"https://lists.debian.org/debian-lts-announce/2022/10/msg00041.html"},{"url":"https://lists.debian.org/debian-lts-announce/2022/11/msg00000.html","refsource":"MISC","name":"https://lists.debian.org/debian-lts-announce/2022/11/msg00000.html"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMIEXLMTW5GO36HTFFWIPB3OHZXCT3G4/","refsource":"MISC","name":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMIEXLMTW5GO36HTFFWIPB3OHZXCT3G4/"},{"url":"https://www.debian.org/security/2022/dsa-5267","refsource":"MISC","name":"https://www.debian.org/security/2022/dsa-5267"},{"url":"https://www.debian.org/security/2022/dsa-5269","refsource":"MISC","name":"https://www.debian.org/security/2022/dsa-5269"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ALQ6BDDPX5HU5YBQOBMDVAA2TSGDKIJ/","refsource":"MISC","name":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ALQ6BDDPX5HU5YBQOBMDVAA2TSGDKIJ/"},{"url":"https://eprint.iacr.org/2023/331","refsource":"MISC","name":"https://eprint.iacr.org/2023/331"},{"url":"https://news.ycombinator.com/item?id=35050307","refsource":"MISC","name":"https://news.ycombinator.com/item?id=35050307"},{"url":"https://security.gentoo.org/glsa/202305-02","refsource":"MISC","name":"https://security.gentoo.org/glsa/202305-02"}]}},"nvd":{"publishedDate":"2022-10-21 06:15:00","lastModifiedDate":"2023-05-03 11:15:00","problem_types":["CWE-190"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL"},"exploitabilityScore":3.9,"impactScore":5.9}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:extended_keccak_code_package_project:extended_keccak_code_package:-:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","versionStartIncluding":"8.0.0","versionEndExcluding":"8.0.25","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","versionStartIncluding":"8.1.0","versionEndExcluding":"8.1.12","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","versionStartIncluding":"7.2.0","versionEndExcluding":"7.4.33","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:python:python:*:*:*:*:*:*:*:*","versionStartIncluding":"3.8.0","versionEndExcluding":"3.8.16","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:python:python:*:*:*:*:*:*:*:*","versionStartIncluding":"3.9.0","versionEndExcluding":"3.9.16","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:python:python:*:*:*:*:*:*:*:*","versionStartIncluding":"3.10.0","versionEndExcluding":"3.10.9","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:python:python:*:*:*:*:*:*:*:*","versionStartIncluding":"3.6.0","versionEndExcluding":"3.7.16","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:sha3_project:sha3:*:*:*:*:*:ruby:*:*","versionEndExcluding":"1.0.5","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:pysha3_project:pysha3:*:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:pypy:pypy:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.0","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}