package/python3: fix CVE-2022-37454 (92d96e85) · Commits · Infra Solutions / Reference Design / platsw / buildroot

Commit 92d96e85 authored Dec 03, 2022 by Fabrice Fontaine Committed by Yann E. MORIN Dec 04, 2022

package/python3: fix CVE-2022-37454

The Keccak XKCP SHA-3 reference implementation before fdc6fef has an
integer overflow and resultant buffer overflow that allows attackers to
execute arbitrary code or eliminate expected cryptographic properties.
This occurs in the sponge function interface.

Python 3.11 and later switched to using tiny_sha3 in GH-32060, so they
should not be affected.

https://github.com/python/cpython/issues/98517



Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

parent cac489ce

Hide whitespace changes

Inline Side-by-side

Please register or to comment