← 返回首页
[CVE-2022-37454] Buffer overflow in the _sha3 module in python versions <= 3.10 · Issue #98517 · python/cpython · GitHub
Skip to content

Navigation Menu

Toggle navigation
Sign in
Appearance settings
Search or jump to...

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Include my email address so I can be contacted
Cancel Submit feedback

Saved searches

Use saved searches to filter your results more quickly

Cancel Create saved search
Appearance settings
Resetting focus

[CVE-2022-37454] Buffer overflow in the _sha3 module in python versions <= 3.10 #98517

New issue
New issue
Closed
Closed
[CVE-2022-37454] Buffer overflow in the _sha3 module in python versions <= 3.10#98517
Assignees
Labels
3.10only security fixes3.7 (EOL)end of life3.8 (EOL)end of life3.9 (EOL)end of lifetype-bugAn unexpected behavior, bug, or errortype-securityA security issue

Description

botovq
opened on Oct 21, 2022

CVE-2022-37454 affects Python versions prior to 3.11. The fix discussed in XKCP's advisory can be adapted to these versions. The discoverer's writeup contains code that might be turned into regression tests.

Python 3.11 and later switched to using tiny_sha3 in GH-32060, so they should not be affected.

Linked PRs

Metadata

Metadata

Assignees

Labels

3.10only security fixes3.7 (EOL)end of life3.8 (EOL)end of life3.9 (EOL)end of lifetype-bugAn unexpected behavior, bug, or errortype-securityA security issue

Fields

No fields configured for issues without a type.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions

    Footer

    © 2026 GitHub, Inc.