CVE-2022-48566

An issue was discovered in comparedigest in Lib/hmac.py in Python through 3.9.1. Constant-time-defeating optimisations were possible in the accumulator variable in hmac.comparedigest.

References

Affected packages

Git

github.com/python/cpython

Affected ranges

Type: GIT
Repo: https://github.com/python/cpython
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

aa73e1722eb9835dc99fd8983885a141112ee4ab

Introduced

1bf9cc509326bc42cd8cb1650eb9bf64550d817e

Fixed

9b2dd1fc6c9913dbeee623e724b6baa598038f97

Introduced

9cf6752276e6fcfd0c23fdb064ad27f448aaaf75

Fixed

1e5d33e9b9b8631b36f061103a30208b206fd03a

Introduced

fa919fdf2583bdfead1df00e842f24f30b2a34bf

Fixed

6503f05dd59e26a9986bdea097b3da9b3546f45b

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-48566.json"

github.com/wordpress/wordpress-develop

Affected ranges

Type: GIT
Repo: https://github.com/wordpress/wordpress-develop
Events: Introduced

36e5687edb263228eb912d542ebad988e0672beb

Fixed

e63d9b34522106b47a9b3a758d81fee5c0b1c1ba

Introduced

c1b5c599c9d8d83ba3a1dcfe31570d1b0f6b4c3e

Fixed

981c41043977daa2c741816fdbe6bfe11f256117

Introduced

f1d358137f7ed657db6afec1b1eca0b9f7814e25

Fixed

96e0ff1f76d153e9ccfa29297d070dcb6b067c7c

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-48566.json"

gitlab.com/libtiff/libtiff

Affected ranges

Type: GIT
Repo: https://gitlab.com/libtiff/libtiff
Events: Introduced

616624213caa4017313ca0aac850c1101759d4ff

Fixed

edc9963e946137e5dd4130f2d5eb1d7efa48483b

Affected versions

v3.*

v3.9.0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-48566.json"