[Bug 1995197] [NEW] Vulnerable to CVE 2022-37454 (SHA-3 buffer overflow)
Stefano Rivera
1995197 at bugs.launchpad.net
Sun Oct 30 08:44:35 UTC 2022
Public bug reported:
pysha3, pypy3, python3.X are affected by CVE-2022-37454, a security issue in Keccak
https://mouha.be/sha-3-buffer-overflow/
See: https://github.com/python/cpython/issues/98517
** Affects: pypy3 (Ubuntu)
Importance: Undecided
Status: New
** Affects: pysha3 (Ubuntu)
Importance: Undecided
Status: New
** Affects: python3.6 (Ubuntu)
Importance: Undecided
Status: Invalid
** Affects: python3.7 (Ubuntu)
Importance: Undecided
Status: Invalid
** Affects: python3.8 (Ubuntu)
Importance: Undecided
Status: Invalid
** Affects: pypy3 (Ubuntu Bionic)
Importance: Undecided
Status: Invalid
** Affects: pysha3 (Ubuntu Bionic)
Importance: Undecided
Status: New
** Affects: python3.6 (Ubuntu Bionic)
Importance: Undecided
Status: New
** Affects: python3.7 (Ubuntu Bionic)
Importance: Undecided
Status: New
** Affects: python3.8 (Ubuntu Bionic)
Importance: Undecided
Status: New
** Affects: pypy3 (Ubuntu Focal)
Importance: Undecided
Status: New
** Affects: pysha3 (Ubuntu Focal)
Importance: Undecided
Status: New
** Affects: python3.6 (Ubuntu Focal)
Importance: Undecided
Status: Invalid
** Affects: python3.7 (Ubuntu Focal)
Importance: Undecided
Status: Invalid
** Affects: python3.8 (Ubuntu Focal)
Importance: Undecided
Status: New
** Affects: pypy3 (Ubuntu Jammy)
Importance: Undecided
Status: New
** Affects: pysha3 (Ubuntu Jammy)
Importance: Undecided
Status: New
** Affects: python3.6 (Ubuntu Jammy)
Importance: Undecided
Status: Invalid
** Affects: python3.7 (Ubuntu Jammy)
Importance: Undecided
Status: Invalid
** Affects: python3.8 (Ubuntu Jammy)
Importance: Undecided
Status: Invalid
** Affects: pypy3 (Ubuntu Kinetic)
Importance: Undecided
Status: New
** Affects: pysha3 (Ubuntu Kinetic)
Importance: Undecided
Status: New
** Affects: python3.6 (Ubuntu Kinetic)
Importance: Undecided
Status: Invalid
** Affects: python3.7 (Ubuntu Kinetic)
Importance: Undecided
Status: Invalid
** Affects: python3.8 (Ubuntu Kinetic)
Importance: Undecided
Status: Invalid
** Affects: pypy3 (Ubuntu Lunar)
Importance: Undecided
Status: New
** Affects: pysha3 (Ubuntu Lunar)
Importance: Undecided
Status: New
** Affects: python3.6 (Ubuntu Lunar)
Importance: Undecided
Status: Invalid
** Affects: python3.7 (Ubuntu Lunar)
Importance: Undecided
Status: Invalid
** Affects: python3.8 (Ubuntu Lunar)
Importance: Undecided
Status: Invalid
** Tags: community-security
** Also affects: pypy3 (Ubuntu)
Importance: Undecided
Status: New
** Also affects: python3.6 (Ubuntu)
Importance: Undecided
Status: New
** Also affects: python3.7 (Ubuntu)
Importance: Undecided
Status: New
** Also affects: python3.8 (Ubuntu)
Importance: Undecided
Status: New
** Also affects: pypy3 (Ubuntu Focal)
Importance: Undecided
Status: New
** Also affects: python3.6 (Ubuntu Focal)
Importance: Undecided
Status: New
** Also affects: pysha3 (Ubuntu Focal)
Importance: Undecided
Status: New
** Also affects: python3.7 (Ubuntu Focal)
Importance: Undecided
Status: New
** Also affects: python3.8 (Ubuntu Focal)
Importance: Undecided
Status: New
** Also affects: pypy3 (Ubuntu Jammy)
Importance: Undecided
Status: New
** Also affects: python3.6 (Ubuntu Jammy)
Importance: Undecided
Status: New
** Also affects: pysha3 (Ubuntu Jammy)
Importance: Undecided
Status: New
** Also affects: python3.7 (Ubuntu Jammy)
Importance: Undecided
Status: New
** Also affects: python3.8 (Ubuntu Jammy)
Importance: Undecided
Status: New
** Also affects: pypy3 (Ubuntu Kinetic)
Importance: Undecided
Status: New
** Also affects: python3.6 (Ubuntu Kinetic)
Importance: Undecided
Status: New
** Also affects: pysha3 (Ubuntu Kinetic)
Importance: Undecided
Status: New
** Also affects: python3.7 (Ubuntu Kinetic)
Importance: Undecided
Status: New
** Also affects: python3.8 (Ubuntu Kinetic)
Importance: Undecided
Status: New
** Also affects: pypy3 (Ubuntu Bionic)
Importance: Undecided
Status: New
** Also affects: python3.6 (Ubuntu Bionic)
Importance: Undecided
Status: New
** Also affects: pysha3 (Ubuntu Bionic)
Importance: Undecided
Status: New
** Also affects: python3.7 (Ubuntu Bionic)
Importance: Undecided
Status: New
** Also affects: python3.8 (Ubuntu Bionic)
Importance: Undecided
Status: New
** Also affects: pypy3 (Ubuntu Lunar)
Importance: Undecided
Status: New
** Also affects: python3.6 (Ubuntu Lunar)
Importance: Undecided
Status: New
** Also affects: pysha3 (Ubuntu Lunar)
Importance: Undecided
Status: New
** Also affects: python3.7 (Ubuntu Lunar)
Importance: Undecided
Status: New
** Also affects: python3.8 (Ubuntu Lunar)
Importance: Undecided
Status: New
** Changed in: python3.8 (Ubuntu Jammy)
Status: New => Invalid
** Changed in: python3.8 (Ubuntu Kinetic)
Status: New => Invalid
** Changed in: python3.8 (Ubuntu Lunar)
Status: New => Invalid
** Changed in: python3.7 (Ubuntu Jammy)
Status: New => Invalid
** Changed in: python3.7 (Ubuntu Focal)
Status: New => Invalid
** Changed in: python3.7 (Ubuntu Kinetic)
Status: New => Invalid
** Changed in: python3.7 (Ubuntu Lunar)
Status: New => Invalid
** Changed in: python3.6 (Ubuntu Focal)
Status: New => Invalid
** Changed in: python3.6 (Ubuntu Jammy)
Status: New => Invalid
** Changed in: python3.6 (Ubuntu Kinetic)
Status: New => Invalid
** Changed in: python3.6 (Ubuntu Lunar)
Status: New => Invalid
** Changed in: pypy3 (Ubuntu Bionic)
Status: New => Invalid
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to python3.6 in Ubuntu.
https://bugs.launchpad.net/bugs/1995197
Title:
Vulnerable to CVE 2022-37454 (SHA-3 buffer overflow)
Status in pypy3 package in Ubuntu:
New
Status in pysha3 package in Ubuntu:
New
Status in python3.6 package in Ubuntu:
Invalid
Status in python3.7 package in Ubuntu:
Invalid
Status in python3.8 package in Ubuntu:
Invalid
Status in pypy3 source package in Bionic:
Invalid
Status in pysha3 source package in Bionic:
New
Status in python3.6 source package in Bionic:
New
Status in python3.7 source package in Bionic:
New
Status in python3.8 source package in Bionic:
New
Status in pypy3 source package in Focal:
New
Status in pysha3 source package in Focal:
New
Status in python3.6 source package in Focal:
Invalid
Status in python3.7 source package in Focal:
Invalid
Status in python3.8 source package in Focal:
New
Status in pypy3 source package in Jammy:
New
Status in pysha3 source package in Jammy:
New
Status in python3.6 source package in Jammy:
Invalid
Status in python3.7 source package in Jammy:
Invalid
Status in python3.8 source package in Jammy:
Invalid
Status in pypy3 source package in Kinetic:
New
Status in pysha3 source package in Kinetic:
New
Status in python3.6 source package in Kinetic:
Invalid
Status in python3.7 source package in Kinetic:
Invalid
Status in python3.8 source package in Kinetic:
Invalid
Status in pypy3 source package in Lunar:
New
Status in pysha3 source package in Lunar:
New
Status in python3.6 source package in Lunar:
Invalid
Status in python3.7 source package in Lunar:
Invalid
Status in python3.8 source package in Lunar:
Invalid
Bug description:
pysha3, pypy3, python3.X are affected by CVE-2022-37454, a security issue in Keccak
https://mouha.be/sha-3-buffer-overflow/
See: https://github.com/python/cpython/issues/98517
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/pypy3/+bug/1995197/+subscriptions
More information about the foundations-bugs
mailing list