VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-awv4-rzmw-aaap

Essentials
Severities (141)
References (60)
Severity details (61)
Exploits (0)
EPSS
History (0)

Vulnerability ID	VCID-awv4-rzmw-aaap
Aliases	CVE-2022-37454 GHSA-6w4m-2xhg-2658
Summary	The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface.
Status	Published
Exploitability	0.5
Weighted Severity	9.0
Risk	4.5
Affected and Fixed Packages	Package Details

Weaknesses (4)

CWE-190	Integer Overflow or Wraparound
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-680	Integer Overflow to Buffer Overflow

System	Score	Found at
cvssv3	8.1	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-37454.json
epss	0.01202	https://api.first.org/data/v1/epss?cve=CVE-2022-37454
epss	0.01202	https://api.first.org/data/v1/epss?cve=CVE-2022-37454
epss	0.01202	https://api.first.org/data/v1/epss?cve=CVE-2022-37454
epss	0.01202	https://api.first.org/data/v1/epss?cve=CVE-2022-37454
epss	0.01202	https://api.first.org/data/v1/epss?cve=CVE-2022-37454
epss	0.01202	https://api.first.org/data/v1/epss?cve=CVE-2022-37454
epss	0.01202	https://api.first.org/data/v1/epss?cve=CVE-2022-37454
epss	0.01202	https://api.first.org/data/v1/epss?cve=CVE-2022-37454
epss	0.01202	https://api.first.org/data/v1/epss?cve=CVE-2022-37454
epss	0.01202	https://api.first.org/data/v1/epss?cve=CVE-2022-37454
epss	0.01202	https://api.first.org/data/v1/epss?cve=CVE-2022-37454
epss	0.01202	https://api.first.org/data/v1/epss?cve=CVE-2022-37454
epss	0.01202	https://api.first.org/data/v1/epss?cve=CVE-2022-37454
epss	0.01202	https://api.first.org/data/v1/epss?cve=CVE-2022-37454
epss	0.01202	https://api.first.org/data/v1/epss?cve=CVE-2022-37454
epss	0.01202	https://api.first.org/data/v1/epss?cve=CVE-2022-37454
epss	0.01202	https://api.first.org/data/v1/epss?cve=CVE-2022-37454
epss	0.01202	https://api.first.org/data/v1/epss?cve=CVE-2022-37454
epss	0.01202	https://api.first.org/data/v1/epss?cve=CVE-2022-37454
epss	0.01202	https://api.first.org/data/v1/epss?cve=CVE-2022-37454
epss	0.01202	https://api.first.org/data/v1/epss?cve=CVE-2022-37454
epss	0.01202	https://api.first.org/data/v1/epss?cve=CVE-2022-37454
epss	0.01202	https://api.first.org/data/v1/epss?cve=CVE-2022-37454
epss	0.01202	https://api.first.org/data/v1/epss?cve=CVE-2022-37454
epss	0.01202	https://api.first.org/data/v1/epss?cve=CVE-2022-37454
epss	0.01202	https://api.first.org/data/v1/epss?cve=CVE-2022-37454
epss	0.01202	https://api.first.org/data/v1/epss?cve=CVE-2022-37454
epss	0.01202	https://api.first.org/data/v1/epss?cve=CVE-2022-37454
epss	0.01202	https://api.first.org/data/v1/epss?cve=CVE-2022-37454
epss	0.01202	https://api.first.org/data/v1/epss?cve=CVE-2022-37454
epss	0.01202	https://api.first.org/data/v1/epss?cve=CVE-2022-37454
epss	0.01202	https://api.first.org/data/v1/epss?cve=CVE-2022-37454
epss	0.01202	https://api.first.org/data/v1/epss?cve=CVE-2022-37454
epss	0.01202	https://api.first.org/data/v1/epss?cve=CVE-2022-37454
epss	0.01326	https://api.first.org/data/v1/epss?cve=CVE-2022-37454
epss	0.01326	https://api.first.org/data/v1/epss?cve=CVE-2022-37454
epss	0.01326	https://api.first.org/data/v1/epss?cve=CVE-2022-37454
epss	0.01326	https://api.first.org/data/v1/epss?cve=CVE-2022-37454
epss	0.01326	https://api.first.org/data/v1/epss?cve=CVE-2022-37454
epss	0.01326	https://api.first.org/data/v1/epss?cve=CVE-2022-37454
epss	0.01326	https://api.first.org/data/v1/epss?cve=CVE-2022-37454
epss	0.01326	https://api.first.org/data/v1/epss?cve=CVE-2022-37454
epss	0.01326	https://api.first.org/data/v1/epss?cve=CVE-2022-37454
epss	0.01326	https://api.first.org/data/v1/epss?cve=CVE-2022-37454
epss	0.01326	https://api.first.org/data/v1/epss?cve=CVE-2022-37454
epss	0.01326	https://api.first.org/data/v1/epss?cve=CVE-2022-37454
epss	0.01326	https://api.first.org/data/v1/epss?cve=CVE-2022-37454
epss	0.01326	https://api.first.org/data/v1/epss?cve=CVE-2022-37454
epss	0.01326	https://api.first.org/data/v1/epss?cve=CVE-2022-37454
epss	0.01326	https://api.first.org/data/v1/epss?cve=CVE-2022-37454
epss	0.01326	https://api.first.org/data/v1/epss?cve=CVE-2022-37454
epss	0.01326	https://api.first.org/data/v1/epss?cve=CVE-2022-37454
epss	0.01326	https://api.first.org/data/v1/epss?cve=CVE-2022-37454
epss	0.01326	https://api.first.org/data/v1/epss?cve=CVE-2022-37454
epss	0.01326	https://api.first.org/data/v1/epss?cve=CVE-2022-37454
epss	0.01326	https://api.first.org/data/v1/epss?cve=CVE-2022-37454
epss	0.01326	https://api.first.org/data/v1/epss?cve=CVE-2022-37454
epss	0.01326	https://api.first.org/data/v1/epss?cve=CVE-2022-37454
epss	0.01326	https://api.first.org/data/v1/epss?cve=CVE-2022-37454
epss	0.01326	https://api.first.org/data/v1/epss?cve=CVE-2022-37454
epss	0.01326	https://api.first.org/data/v1/epss?cve=CVE-2022-37454
epss	0.01326	https://api.first.org/data/v1/epss?cve=CVE-2022-37454
epss	0.01362	https://api.first.org/data/v1/epss?cve=CVE-2022-37454
epss	0.01362	https://api.first.org/data/v1/epss?cve=CVE-2022-37454
epss	0.01362	https://api.first.org/data/v1/epss?cve=CVE-2022-37454
epss	0.03092	https://api.first.org/data/v1/epss?cve=CVE-2022-37454
epss	0.03092	https://api.first.org/data/v1/epss?cve=CVE-2022-37454
epss	0.03092	https://api.first.org/data/v1/epss?cve=CVE-2022-37454
epss	0.03092	https://api.first.org/data/v1/epss?cve=CVE-2022-37454
epss	0.03092	https://api.first.org/data/v1/epss?cve=CVE-2022-37454
epss	0.03092	https://api.first.org/data/v1/epss?cve=CVE-2022-37454
epss	0.03092	https://api.first.org/data/v1/epss?cve=CVE-2022-37454
epss	0.03092	https://api.first.org/data/v1/epss?cve=CVE-2022-37454
epss	0.03092	https://api.first.org/data/v1/epss?cve=CVE-2022-37454
epss	0.03092	https://api.first.org/data/v1/epss?cve=CVE-2022-37454
epss	0.05299	https://api.first.org/data/v1/epss?cve=CVE-2022-37454
epss	0.05501	https://api.first.org/data/v1/epss?cve=CVE-2022-37454
epss	0.05501	https://api.first.org/data/v1/epss?cve=CVE-2022-37454
epss	0.05501	https://api.first.org/data/v1/epss?cve=CVE-2022-37454
epss	0.05501	https://api.first.org/data/v1/epss?cve=CVE-2022-37454
cvssv3.1	9.8	https://csrc.nist.gov/projects/hash-functions/sha-3-project
generic_textual	CRITICAL	https://csrc.nist.gov/projects/hash-functions/sha-3-project
ssvc	Track*	https://csrc.nist.gov/projects/hash-functions/sha-3-project
cvssv3.1	9.8	https://eprint.iacr.org/2023/331
generic_textual	CRITICAL	https://eprint.iacr.org/2023/331
ssvc	Track*	https://eprint.iacr.org/2023/331
cvssv3.1	8.1	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1_qr	CRITICAL	https://github.com/advisories/GHSA-6w4m-2xhg-2658
cvssv3.1	9.8	https://github.com/johanns/sha3/commit/5f2e8118a62831911703c8753ff2435c3b5d7312
generic_textual	CRITICAL	https://github.com/johanns/sha3/commit/5f2e8118a62831911703c8753ff2435c3b5d7312
cvssv3.1	9.8	https://github.com/johanns/sha3/issues/17
generic_textual	CRITICAL	https://github.com/johanns/sha3/issues/17
cvssv3.1	9.8	https://github.com/tiran/pysha3/issues/29
generic_textual	CRITICAL	https://github.com/tiran/pysha3/issues/29
cvssv3.1	9.8	https://github.com/XKCP/XKCP/commit/fdc6fef075f4e81d6b1bc38364248975e08e340a
generic_textual	CRITICAL	https://github.com/XKCP/XKCP/commit/fdc6fef075f4e81d6b1bc38364248975e08e340a
cvssv3.1	9.8	https://github.com/XKCP/XKCP/issues/105
generic_textual	CRITICAL	https://github.com/XKCP/XKCP/issues/105
cvssv3.1	9.8	https://github.com/XKCP/XKCP/security/advisories/GHSA-6w4m-2xhg-2658
cvssv3.1_qr	CRITICAL	https://github.com/XKCP/XKCP/security/advisories/GHSA-6w4m-2xhg-2658
ssvc	Track*	https://github.com/XKCP/XKCP/security/advisories/GHSA-6w4m-2xhg-2658
cvssv3.1	9.8	https://lists.debian.org/debian-lts-announce/2022/10/msg00041.html
generic_textual	CRITICAL	https://lists.debian.org/debian-lts-announce/2022/10/msg00041.html
ssvc	Track*	https://lists.debian.org/debian-lts-announce/2022/10/msg00041.html
cvssv3.1	9.8	https://lists.debian.org/debian-lts-announce/2022/11/msg00000.html
generic_textual	CRITICAL	https://lists.debian.org/debian-lts-announce/2022/11/msg00000.html
ssvc	Track*	https://lists.debian.org/debian-lts-announce/2022/11/msg00000.html
cvssv3.1	9.8	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ALQ6BDDPX5HU5YBQOBMDVAA2TSGDKIJ
generic_textual	CRITICAL	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ALQ6BDDPX5HU5YBQOBMDVAA2TSGDKIJ
cvssv3.1	9.8	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ALQ6BDDPX5HU5YBQOBMDVAA2TSGDKIJ/
ssvc	Track*	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ALQ6BDDPX5HU5YBQOBMDVAA2TSGDKIJ/
cvssv3.1	9.8	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMIEXLMTW5GO36HTFFWIPB3OHZXCT3G4
generic_textual	CRITICAL	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMIEXLMTW5GO36HTFFWIPB3OHZXCT3G4
cvssv3.1	9.8	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMIEXLMTW5GO36HTFFWIPB3OHZXCT3G4/
ssvc	Track*	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMIEXLMTW5GO36HTFFWIPB3OHZXCT3G4/
cvssv3.1	9.8	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3ALQ6BDDPX5HU5YBQOBMDVAA2TSGDKIJ
generic_textual	CRITICAL	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3ALQ6BDDPX5HU5YBQOBMDVAA2TSGDKIJ
cvssv3.1	9.8	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CMIEXLMTW5GO36HTFFWIPB3OHZXCT3G4
generic_textual	CRITICAL	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CMIEXLMTW5GO36HTFFWIPB3OHZXCT3G4
cvssv3.1	9.8	https://mouha.be/sha-3-buffer-overflow
generic_textual	CRITICAL	https://mouha.be/sha-3-buffer-overflow
cvssv3.1	9.8	https://mouha.be/sha-3-buffer-overflow/
ssvc	Track*	https://mouha.be/sha-3-buffer-overflow/
cvssv3.1	9.8	https://news.ycombinator.com/item?id=33281106
generic_textual	CRITICAL	https://news.ycombinator.com/item?id=33281106
ssvc	Track*	https://news.ycombinator.com/item?id=33281106
cvssv3.1	9.8	https://news.ycombinator.com/item?id=35050307
generic_textual	CRITICAL	https://news.ycombinator.com/item?id=35050307
ssvc	Track*	https://news.ycombinator.com/item?id=35050307
cvssv3	9.8	https://nvd.nist.gov/vuln/detail/CVE-2022-37454
cvssv3.1	9.8	https://nvd.nist.gov/vuln/detail/CVE-2022-37454
cvssv3.1	9.8	https://security.gentoo.org/glsa/202305-02
generic_textual	CRITICAL	https://security.gentoo.org/glsa/202305-02
ssvc	Track*	https://security.gentoo.org/glsa/202305-02
cvssv3.1	9.8	https://www.debian.org/security/2022/dsa-5267
generic_textual	CRITICAL	https://www.debian.org/security/2022/dsa-5267
ssvc	Track*	https://www.debian.org/security/2022/dsa-5267
cvssv3.1	9.8	https://www.debian.org/security/2022/dsa-5269
generic_textual	CRITICAL	https://www.debian.org/security/2022/dsa-5269
ssvc	Track*	https://www.debian.org/security/2022/dsa-5269

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-37454.json
		https://api.first.org/data/v1/epss?cve=CVE-2022-37454
		https://csrc.nist.gov/projects/hash-functions/sha-3-project
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31628
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31629
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31630
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37454
		https://eprint.iacr.org/2023/331
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://github.com/johanns/sha3/commit/5f2e8118a62831911703c8753ff2435c3b5d7312
		https://github.com/johanns/sha3/issues/17
		https://github.com/tiran/pysha3/issues/29
		https://github.com/XKCP/XKCP/commit/fdc6fef075f4e81d6b1bc38364248975e08e340a
		https://github.com/XKCP/XKCP/issues/105
		https://lists.debian.org/debian-lts-announce/2022/10/msg00041.html
		https://lists.debian.org/debian-lts-announce/2022/11/msg00000.html
		https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ALQ6BDDPX5HU5YBQOBMDVAA2TSGDKIJ
		https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ALQ6BDDPX5HU5YBQOBMDVAA2TSGDKIJ/
		https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMIEXLMTW5GO36HTFFWIPB3OHZXCT3G4
		https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMIEXLMTW5GO36HTFFWIPB3OHZXCT3G4/
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3ALQ6BDDPX5HU5YBQOBMDVAA2TSGDKIJ
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3ALQ6BDDPX5HU5YBQOBMDVAA2TSGDKIJ/
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CMIEXLMTW5GO36HTFFWIPB3OHZXCT3G4
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CMIEXLMTW5GO36HTFFWIPB3OHZXCT3G4/
		https://mouha.be/sha-3-buffer-overflow
		https://mouha.be/sha-3-buffer-overflow/
		https://news.ycombinator.com/item?id=33281106
		https://news.ycombinator.com/item?id=35050307
		https://security.gentoo.org/glsa/202305-02
		https://security.netapp.com/advisory/ntap-20230203-0001/
		https://www.debian.org/security/2022/dsa-5267
		https://www.debian.org/security/2022/dsa-5269
1023030		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1023030
2140200		https://bugzilla.redhat.com/show_bug.cgi?id=2140200
cpe:2.3:a:extended_keccak_code_package_project:extended_keccak_code_package:-:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:extended_keccak_code_package_project:extended_keccak_code_package:-:::::::*
cpe:2.3:a:php:php::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php::::::::
cpe:2.3:a:pypy:pypy::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pypy:pypy::::::::
cpe:2.3:a:pysha3_project:pysha3::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pysha3_project:pysha3::::::::
cpe:2.3:a:python:python::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:python::::::::
cpe:2.3:a:sha3_project:sha3::::::ruby::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sha3_project:sha3::::::ruby::*
cpe:2.3:o:debian:debian_linux:10.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:::::::*
cpe:2.3:o:debian:debian_linux:11.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:11.0:::::::*
cpe:2.3:o:fedoraproject:fedora:35:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:35:::::::*
cpe:2.3:o:fedoraproject:fedora:36:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:36:::::::*
CVE-2022-37454		https://nvd.nist.gov/vuln/detail/CVE-2022-37454
CVE-2022-37454.YML		https://github.com/rubysec/ruby-advisory-db/blob/master/gems/sha3/CVE-2022-37454.yml
GHSA-6w4m-2xhg-2658		https://github.com/advisories/GHSA-6w4m-2xhg-2658
GHSA-6w4m-2xhg-2658		https://github.com/XKCP/XKCP/security/advisories/GHSA-6w4m-2xhg-2658
RHSA-2023:0848		https://access.redhat.com/errata/RHSA-2023:0848
RHSA-2023:0965		https://access.redhat.com/errata/RHSA-2023:0965
RHSA-2023:2417		https://access.redhat.com/errata/RHSA-2023:2417
RHSA-2023:2903		https://access.redhat.com/errata/RHSA-2023:2903
USN-5717-1		https://usn.ubuntu.com/5717-1/
USN-5767-1		https://usn.ubuntu.com/5767-1/
USN-5767-3		https://usn.ubuntu.com/5767-3/
USN-5888-1		https://usn.ubuntu.com/5888-1/
USN-5930-1		https://usn.ubuntu.com/5930-1/
USN-5931-1		https://usn.ubuntu.com/5931-1/
USN-6524-1		https://usn.ubuntu.com/6524-1/
USN-6525-1		https://usn.ubuntu.com/6525-1/

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-37454.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://csrc.nist.gov/projects/hash-functions/sha-3-project

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-05-08T15:03:12Z/ Found at https://csrc.nist.gov/projects/hash-functions/sha-3-project

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://eprint.iacr.org/2023/331

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-05-08T15:03:12Z/ Found at https://eprint.iacr.org/2023/331

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/johanns/sha3/commit/5f2e8118a62831911703c8753ff2435c3b5d7312

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/johanns/sha3/issues/17

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/tiran/pysha3/issues/29

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/XKCP/XKCP/commit/fdc6fef075f4e81d6b1bc38364248975e08e340a

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/XKCP/XKCP/issues/105

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/XKCP/XKCP/security/advisories/GHSA-6w4m-2xhg-2658

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-05-08T15:03:12Z/ Found at https://github.com/XKCP/XKCP/security/advisories/GHSA-6w4m-2xhg-2658

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://lists.debian.org/debian-lts-announce/2022/10/msg00041.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-05-08T15:03:12Z/ Found at https://lists.debian.org/debian-lts-announce/2022/10/msg00041.html

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://lists.debian.org/debian-lts-announce/2022/11/msg00000.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-05-08T15:03:12Z/ Found at https://lists.debian.org/debian-lts-announce/2022/11/msg00000.html

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ALQ6BDDPX5HU5YBQOBMDVAA2TSGDKIJ

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ALQ6BDDPX5HU5YBQOBMDVAA2TSGDKIJ/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-05-08T15:03:12Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ALQ6BDDPX5HU5YBQOBMDVAA2TSGDKIJ/

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMIEXLMTW5GO36HTFFWIPB3OHZXCT3G4

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMIEXLMTW5GO36HTFFWIPB3OHZXCT3G4/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3ALQ6BDDPX5HU5YBQOBMDVAA2TSGDKIJ

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CMIEXLMTW5GO36HTFFWIPB3OHZXCT3G4

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://mouha.be/sha-3-buffer-overflow

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://mouha.be/sha-3-buffer-overflow/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-05-08T15:03:12Z/ Found at https://mouha.be/sha-3-buffer-overflow/

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://news.ycombinator.com/item?id=33281106

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-05-08T15:03:12Z/ Found at https://news.ycombinator.com/item?id=33281106

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://news.ycombinator.com/item?id=35050307

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-05-08T15:03:12Z/ Found at https://news.ycombinator.com/item?id=35050307

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-37454

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-37454

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://security.gentoo.org/glsa/202305-02

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-05-08T15:03:12Z/ Found at https://security.gentoo.org/glsa/202305-02

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.debian.org/security/2022/dsa-5267

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-05-08T15:03:12Z/ Found at https://www.debian.org/security/2022/dsa-5267

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.debian.org/security/2022/dsa-5269

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-05-08T15:03:12Z/ Found at https://www.debian.org/security/2022/dsa-5269

Exploit Prediction Scoring System (EPSS)

Percentile	0.77041
EPSS Score	0.01202
Published At	March 28, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
There are no relevant records.