2140200 – (CVE-2022-37454) CVE-2022-37454 XKCP: buffer overflow in the SHA-3 reference implementation

Bug 2140200 (CVE-2022-37454) - CVE-2022-37454 XKCP: buffer overflow in the SHA-3 reference implementation

Summary: CVE-2022-37454 XKCP: buffer overflow in the SHA-3 reference implementation

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2022-37454
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2141813 2141814 2141754 2141755 2141756 2141757 2141758 2141759 2141760 2141761 2141762 2141763 2141764 2141766 2141812 2141815 2141816 2141818 2141819 2161670 2161671
Blocks:	2137582
TreeView+	depends on / blocked

Reported:	2022-11-04 19:16 UTC by Guilherme de Almeida Suckevicz
Modified:	2023-05-17 02:31 UTC (History)
CC List:	9 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:	A flaw was found in the Keccak XKCP SHA-3 reference implementation. The sponge function interface allows partial input data to be processed, and partial output to be produced. When at least one of these has a length of 4294967096 bytes or more, it can result in elimination of cryptographic properties, execution of arbitrary code, or a denial of service.
Clone Of:
Environment:
Last Closed:	2023-05-17 02:31:31 UTC
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2023:0848	None	None	None	2023-02-21 09:31:14 UTC
Red Hat Product Errata	RHSA-2023:0965	None	None	None	2023-02-28 08:20:46 UTC
Red Hat Product Errata	RHSA-2023:2417	None	None	None	2023-05-09 07:45:38 UTC
Red Hat Product Errata	RHSA-2023:2903	None	None	None	2023-05-16 08:26:31 UTC

Description Guilherme de Almeida Suckevicz 2022-11-04 19:16:33 UTC

The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface.

References:
https://github.com/XKCP/XKCP/security/advisories/GHSA-6w4m-2xhg-2658
https://mouha.be/sha-3-buffer-overflow/

Comment 1 Vít Ondruch 2022-11-07 10:01:02 UTC

I can just guess that Ruby maintainers were added on the CC due to "SHA3 for Ruby" being mentioned at the second reference. If that is the case, I'd just like to point out that this library is not in Fedora neither in RHEL, therefore this is not of our interest.

Comment 2 Miro Hrončok 2022-11-07 11:33:52 UTC

This affects Fedora's Python 3.6, 3.7, 3.8, and PyPy 3.*.

Python 3.9+ is not affected in Fedora, as it uses the OpenSSL implementation.
Python 3.11 is not affected even upstream: Python 3.11 switched to using a different sha3 implementation as a fallback.

Python/PyPy 2 does not seem to support Keccak.

See https://github.com/python/cpython/issues/98517

Comment 3 Petr Viktorin 2022-11-09 13:45:02 UTC

Python in RHEL is not affected: our RHEL-only hashlib patches remove the fallbacks, so only OpenSSL is used there.

Comment 4 Jun Aruga 2022-11-09 17:55:19 UTC

> I can just guess that Ruby maintainers were added on the CC due to "SHA3 for Ruby" being mentioned at the second reference. If that is the case, I'd just like to point out that this library is not in Fedora neither in RHEL, therefore this is not of our interest.

Yes. In the second reference, the sentence for Ruby is below. There is no RPM package for the "SHA3 for Ruby" (sha3 gem package) on both Fedora and RHEL.

https://mouha.be/sha-3-buffer-overflow/
> The vulnerability has been assigned CVE-2022-37454 and bug reports are available for Python, PHP, PyPy, pysha3, SHA3 for Ruby, and XKCP.
=> https://github.com/johanns/sha3/issues/17
=> https://rubygems.org/gems/sha3

Comment 5 Remi Collet 2022-11-10 09:04:02 UTC

Notice: the PHP security team doesn't consider this issue as a security vulnerability as it requires to be exploited some bad configuration (memory_limit). So any sane configuration protects from it.

Comment 6 Guilherme de Almeida Suckevicz 2022-11-10 17:36:53 UTC

Created mingw-python3 tracking bugs for this issue:

Affects: fedora-all [bug 2141755]


Created python2.7 tracking bugs for this issue:

Affects: fedora-all [bug 2141756]


Created python3.6 tracking bugs for this issue:

Affects: fedora-all [bug 2141757]


Created python3.7 tracking bugs for this issue:

Affects: fedora-all [bug 2141758]


Created python3.8 tracking bugs for this issue:

Affects: fedora-all [bug 2141759]


Created python34 tracking bugs for this issue:

Affects: epel-all [bug 2141754]

Comment 7 Guilherme de Almeida Suckevicz 2022-11-10 17:42:30 UTC

Created pypy tracking bugs for this issue:

Affects: epel-all [bug 2141761]
Affects: fedora-all [bug 2141760]


Created pypy3.7 tracking bugs for this issue:

Affects: fedora-all [bug 2141762]


Created pypy3.8 tracking bugs for this issue:

Affects: fedora-all [bug 2141763]


Created pypy3.9 tracking bugs for this issue:

Affects: fedora-all [bug 2141764]

Comment 8 Guilherme de Almeida Suckevicz 2022-11-10 17:49:37 UTC

Created php tracking bugs for this issue:

Affects: fedora-all [bug 2141766]

Comment 11 Guilherme de Almeida Suckevicz 2022-11-10 19:26:24 UTC

Created rust-keccak tracking bugs for this issue:

Affects: fedora-all [bug 2141818]


Created rust-tiny-keccak tracking bugs for this issue:

Affects: fedora-all [bug 2141819]

Comment 12 Fedora Update System 2022-11-10 19:53:52 UTC

FEDORA-2022-17bc21cf38 has been pushed to the Fedora 38 stable repository.
If problem still persists, please make note of it in this bug report.

Comment 13 Miro Hrončok 2022-11-14 17:37:30 UTC

For the record, any Python older than 3.6 does not even support SHA-3 and hence is not affected. I've verified this in python37 @ epel7 package [bug 2141754].

Comment 14 Miro Hrončok 2022-11-14 17:38:13 UTC

(In reply to Miro Hrončok from comment #13)
> For the record, any Python older than 3.6 does not even support SHA-3 and
> hence is not affected. I've verified this in python37 @ epel7 package [bug
> 2141754].

Correction: I've verified this in python34 @ epel7 package [bug 2141754].

Comment 15 errata-xmlrpc 2023-02-21 09:31:13 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:0848 https://access.redhat.com/errata/RHSA-2023:0848

Comment 16 errata-xmlrpc 2023-02-28 08:20:44 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:0965 https://access.redhat.com/errata/RHSA-2023:0965

Comment 17 errata-xmlrpc 2023-05-09 07:45:36 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:2417 https://access.redhat.com/errata/RHSA-2023:2417

Comment 18 errata-xmlrpc 2023-05-16 08:26:30 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:2903 https://access.redhat.com/errata/RHSA-2023:2903

Comment 19 Product Security DevOps Team 2023-05-17 02:31:29 UTC

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-37454

Note You need to log in before you can comment on or make changes to this bug.