Test Kennung:	1.3.6.1.4.1.25623.1.0.148942
Kategorie:	Buffer overflow
Titel:	Python <= 3.10.x Buffer Overflow Vulnerability - Linux
Zusammenfassung:	Python is prone to a buffer overflow vulnerability in the _sha3; module.
Beschreibung:	Summary: Python is prone to a buffer overflow vulnerability in the _sha3 module. Vulnerability Insight: The Keccak XKCP SHA-3 reference implementation has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface. Affected Software/OS: Python prior to version 3.7.16, version 3.8.x through 3.8.15, 3.9.x through 3.9.15 and 3.10.x through 3.10.8. Solution: Update to version 3.7.16, 3.8.16, 3.9.16, 3.10.9 or later. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2022-37454 https://security.gentoo.org/glsa/202305-02 https://csrc.nist.gov/projects/hash-functions/sha-3-project https://eprint.iacr.org/2023/331 https://github.com/XKCP/XKCP/security/advisories/GHSA-6w4m-2xhg-2658 https://lists.debian.org/debian-lts-announce/2022/10/msg00041.html https://lists.debian.org/debian-lts-announce/2022/11/msg00000.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ALQ6BDDPX5HU5YBQOBMDVAA2TSGDKIJ/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMIEXLMTW5GO36HTFFWIPB3OHZXCT3G4/ https://mouha.be/sha-3-buffer-overflow/ https://news.ycombinator.com/item?id=33281106 https://news.ycombinator.com/item?id=35050307 https://www.debian.org/security/2022/dsa-5267 https://www.debian.org/security/2022/dsa-5269
Copyright	Copyright (C) 2022 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.