CVE-2022-37454

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2022-37454
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-37454.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-37454
Aliases
Downstream
Related
Published
2022-10-21T06:15:09.333Z
Modified
2026-03-15T22:47:04.742419Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface.

References

Affected packages

Git / github.com/php/php-src

Affected ranges

Type
GIT
Repo
https://github.com/php/php-src
Events
Introduced
8148cbb78841c8ec0759c0836e7f35dec799d300
Fixed
dca8d5565b947270a29f232bc54efd9df3b92b94
Introduced
5dc92c2117cafc61daaaaa240fd46c3ac33872a4
Fixed
145b4e6e2f319a92cd5bc27f426bcbec2dd0add9
Introduced
381ba9f5d0edd0c9c8ec1dea7e21d513ad08b115
Fixed
b91e67524dfc9ade4cbf5c0fe997677aea7b33c1
Database specific 
{
    "versions": [
        {
            "introduced": "7.2.0"
        },
        {
            "fixed": "7.4.33"
        },
        {
            "introduced": "8.0.0"
        },
        {
            "fixed": "8.0.25"
        },
        {
            "introduced": "8.1.0"
        },
        {
            "fixed": "8.1.12"
        }
    ]
}
Type
GIT
Repo
https://github.com/python/cpython
Events
Introduced
5c4568a05a0a62b5947c55f68f9f2ecfb90a4f12
Fixed
3f82aa744678620a811927dc4e56ad9c7c3d0c14
Introduced
fa919fdf2583bdfead1df00e842f24f30b2a34bf
Fixed
1e3d2d52109c9d82ba307116e912d16bb4b0dbb7
Introduced
9cf6752276e6fcfd0c23fdb064ad27f448aaaf75
Fixed
595f9ccb0c059f2fb5bf13643bfc0cdd5b55a422
Introduced
b494f5935c92951e75597bfe1c8b1f3112fec270
Fixed
1dd9be6584413fbfa823f37a224f101b819505d1
Database specific 
{
    "versions": [
        {
            "introduced": "3.6.0"
        },
        {
            "fixed": "3.7.16"
        },
        {
            "introduced": "3.8.0"
        },
        {
            "fixed": "3.8.16"
        },
        {
            "introduced": "3.9.0"
        },
        {
            "fixed": "3.9.16"
        },
        {
            "introduced": "3.10.0"
        },
        {
            "fixed": "3.10.9"
        }
    ]
}

Affected versions

v3.*
v3.10.0
v3.10.0a1
v3.10.0a2
v3.10.0a3
v3.10.0a4
v3.10.0a5
v3.10.0a6
v3.10.0a7
v3.10.0b1
v3.10.0b2
v3.10.0b3
v3.10.0b4
v3.10.0rc1
v3.10.0rc2
v3.10.1
v3.10.2
v3.10.3
v3.10.4
v3.10.5
v3.10.6
v3.10.7
v3.10.8
v3.4.6
v3.4.6rc1
v3.5.3
v3.5.3rc1
v3.6.0
v3.7.0a1
v3.7.0a2
v3.7.0a3
v3.7.0a4
v3.8.0a1
v3.8.0a2
v3.8.0a3
v3.8.0a4
v3.8.0b1
v3.9.0a1
v3.9.0a2
v3.9.0a3
v3.9.0a4
v3.9.0a5
v3.9.0a6

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-37454.json"
unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "10.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "11.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "35"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "36"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "fixed": "1.0.5"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "7.0.0"
            }
        ]
    }
]