ID de Prueba:	1.3.6.1.4.1.25623.1.0.148943
Categoría:	Buffer overflow
Título:	Python <= 3.10.x Buffer Overflow Vulnerability - Windows
Resumen:	Python is prone to a buffer overflow vulnerability in the _sha3; module.
Descripción:	Summary: Python is prone to a buffer overflow vulnerability in the _sha3 module. Vulnerability Insight: The Keccak XKCP SHA-3 reference implementation has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface. Affected Software/OS: Python prior to version 3.7.16, version 3.8.x through 3.8.15, 3.9.x through 3.9.15 and 3.10.x through 3.10.8. Solution: Update to version 3.7.16, 3.8.16, 3.9.16, 3.10.9 or later. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2022-37454 https://security.gentoo.org/glsa/202305-02 https://csrc.nist.gov/projects/hash-functions/sha-3-project https://eprint.iacr.org/2023/331 https://github.com/XKCP/XKCP/security/advisories/GHSA-6w4m-2xhg-2658 https://lists.debian.org/debian-lts-announce/2022/10/msg00041.html https://lists.debian.org/debian-lts-announce/2022/11/msg00000.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ALQ6BDDPX5HU5YBQOBMDVAA2TSGDKIJ/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMIEXLMTW5GO36HTFFWIPB3OHZXCT3G4/ https://mouha.be/sha-3-buffer-overflow/ https://news.ycombinator.com/item?id=33281106 https://news.ycombinator.com/item?id=35050307 https://www.debian.org/security/2022/dsa-5267 https://www.debian.org/security/2022/dsa-5269
Copyright	Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.