Bug 2140200 (CVE-2022-37454) - CVE-2022-37454 XKCP: buffer overflow in the SHA-3 reference implementation
Summary: CVE-2022-37454 XKCP: buffer overflow in the SHA-3 reference implementation
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2022-37454
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2141754 2141755 2141756 2141757 2141758 2141759 2141760 2141761 2141762 2141763 2141764 2141766 2141812 2141813 2141814 2141815 2141816 2141818 2141819 2161670 2161671
Blocks: 2137582
TreeView+ depends on / blocked
 
Reported: 2022-11-04 19:16 UTC by Guilherme de Almeida Suckevicz
Modified: 2024-03-20 10:16 UTC (History)
9 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the Keccak XKCP SHA-3 reference implementation. The sponge function interface allows partial input data to be processed, and partial output to be produced. When at least one of these has a length of 4294967096 bytes or more, it can result in elimination of cryptographic properties, execution of arbitrary code, or a denial of service.
Clone Of:
Environment:
Last Closed: 2023-05-17 02:31:31 UTC
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2023:0848 0 None None None 2023-02-21 09:31:14 UTC
Red Hat Product Errata RHSA-2023:0965 0 None None None 2023-02-28 08:20:46 UTC
Red Hat Product Errata RHSA-2023:2417 0 None None None 2023-05-09 07:45:38 UTC
Red Hat Product Errata RHSA-2023:2903 0 None None None 2023-05-16 08:26:31 UTC

Description Guilherme de Almeida Suckevicz 2022-11-04 19:16:33 UTC
The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface.

References:
https://github.com/XKCP/XKCP/security/advisories/GHSA-6w4m-2xhg-2658
https://mouha.be/sha-3-buffer-overflow/

Comment 1 Vít Ondruch 2022-11-07 10:01:02 UTC
I can just guess that Ruby maintainers were added on the CC due to "SHA3 for Ruby" being mentioned at the second reference. If that is the case, I'd just like to point out that this library is not in Fedora neither in RHEL, therefore this is not of our interest.

Comment 2 Miro Hrončok 2022-11-07 11:33:52 UTC
This affects Fedora's Python 3.6, 3.7, 3.8, and PyPy 3.*.

Python 3.9+ is not affected in Fedora, as it uses the OpenSSL implementation.
Python 3.11 is not affected even upstream: Python 3.11 switched to using a different sha3 implementation as a fallback.

Python/PyPy 2 does not seem to support Keccak.

See https://github.com/python/cpython/issues/98517

Comment 3 Petr Viktorin (pviktori) 2022-11-09 13:45:02 UTC
Python in RHEL is not affected: our RHEL-only hashlib patches remove the fallbacks, so only OpenSSL is used there.

Comment 4 Jun Aruga 2022-11-09 17:55:19 UTC
> I can just guess that Ruby maintainers were added on the CC due to "SHA3 for Ruby" being mentioned at the second reference. If that is the case, I'd just like to point out that this library is not in Fedora neither in RHEL, therefore this is not of our interest.

Yes. In the second reference, the sentence for Ruby is below. There is no RPM package for the "SHA3 for Ruby" (sha3 gem package) on both Fedora and RHEL.

https://mouha.be/sha-3-buffer-overflow/
> The vulnerability has been assigned CVE-2022-37454 and bug reports are available for Python, PHP, PyPy, pysha3, SHA3 for Ruby, and XKCP.
=> https://github.com/johanns/sha3/issues/17
=> https://rubygems.org/gems/sha3

Comment 5 Remi Collet 2022-11-10 09:04:02 UTC
Notice: the PHP security team doesn't consider this issue as a security vulnerability as it requires to be exploited some bad configuration (memory_limit). So any sane configuration protects from it.

Comment 6 Guilherme de Almeida Suckevicz 2022-11-10 17:36:53 UTC
Created mingw-python3 tracking bugs for this issue:

Affects: fedora-all [bug 2141755]


Created python2.7 tracking bugs for this issue:

Affects: fedora-all [bug 2141756]


Created python3.6 tracking bugs for this issue:

Affects: fedora-all [bug 2141757]


Created python3.7 tracking bugs for this issue:

Affects: fedora-all [bug 2141758]


Created python3.8 tracking bugs for this issue:

Affects: fedora-all [bug 2141759]


Created python34 tracking bugs for this issue:

Affects: epel-all [bug 2141754]

Comment 7 Guilherme de Almeida Suckevicz 2022-11-10 17:42:30 UTC
Created pypy tracking bugs for this issue:

Affects: epel-all [bug 2141761]
Affects: fedora-all [bug 2141760]


Created pypy3.7 tracking bugs for this issue:

Affects: fedora-all [bug 2141762]


Created pypy3.8 tracking bugs for this issue:

Affects: fedora-all [bug 2141763]


Created pypy3.9 tracking bugs for this issue:

Affects: fedora-all [bug 2141764]

Comment 8 Guilherme de Almeida Suckevicz 2022-11-10 17:49:37 UTC
Created php tracking bugs for this issue:

Affects: fedora-all [bug 2141766]

Comment 11 Guilherme de Almeida Suckevicz 2022-11-10 19:26:24 UTC
Created rust-keccak tracking bugs for this issue:

Affects: fedora-all [bug 2141818]


Created rust-tiny-keccak tracking bugs for this issue:

Affects: fedora-all [bug 2141819]

Comment 12 Fedora Update System 2022-11-10 19:53:52 UTC
FEDORA-2022-17bc21cf38 has been pushed to the Fedora 38 stable repository.
If problem still persists, please make note of it in this bug report.

Comment 13 Miro Hrončok 2022-11-14 17:37:30 UTC
For the record, any Python older than 3.6 does not even support SHA-3 and hence is not affected. I've verified this in python37 @ epel7 package [bug 2141754].

Comment 14 Miro Hrončok 2022-11-14 17:38:13 UTC
(In reply to Miro Hrončok from comment #13)
> For the record, any Python older than 3.6 does not even support SHA-3 and
> hence is not affected. I've verified this in python37 @ epel7 package [bug
> 2141754].

Correction: I've verified this in python34 @ epel7 package [bug 2141754].

Comment 15 errata-xmlrpc 2023-02-21 09:31:13 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:0848 https://access.redhat.com/errata/RHSA-2023:0848

Comment 16 errata-xmlrpc 2023-02-28 08:20:44 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:0965 https://access.redhat.com/errata/RHSA-2023:0965

Comment 17 errata-xmlrpc 2023-05-09 07:45:36 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:2417 https://access.redhat.com/errata/RHSA-2023:2417

Comment 18 errata-xmlrpc 2023-05-16 08:26:30 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:2903 https://access.redhat.com/errata/RHSA-2023:2903

Comment 19 Product Security DevOps Team 2023-05-17 02:31:29 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-37454


Note You need to log in before you can comment on or make changes to this bug.