VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-uudz-d713-aaah

Essentials
Severities (91)
References (18)
Severity details (5)
Exploits (0)
EPSS
History (0)

Vulnerability ID	VCID-uudz-d713-aaah
Aliases	CVE-2022-48566
Summary	An issue was discovered in compare_digest in Lib/hmac.py in Python through 3.9.1. Constant-time-defeating optimisations were possible in the accumulator variable in hmac.compare_digest.
Status	Published
Exploitability	0.5
Weighted Severity	7.3
Risk	3.6
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

System	Score	Found at
cvssv3	5.9	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-48566.json
epss	0.00057	https://api.first.org/data/v1/epss?cve=CVE-2022-48566
epss	0.00057	https://api.first.org/data/v1/epss?cve=CVE-2022-48566
epss	0.00057	https://api.first.org/data/v1/epss?cve=CVE-2022-48566
epss	0.00057	https://api.first.org/data/v1/epss?cve=CVE-2022-48566
epss	0.00057	https://api.first.org/data/v1/epss?cve=CVE-2022-48566
epss	0.00057	https://api.first.org/data/v1/epss?cve=CVE-2022-48566
epss	0.00057	https://api.first.org/data/v1/epss?cve=CVE-2022-48566
epss	0.00057	https://api.first.org/data/v1/epss?cve=CVE-2022-48566
epss	0.00057	https://api.first.org/data/v1/epss?cve=CVE-2022-48566
epss	0.00057	https://api.first.org/data/v1/epss?cve=CVE-2022-48566
epss	0.00057	https://api.first.org/data/v1/epss?cve=CVE-2022-48566
epss	0.00057	https://api.first.org/data/v1/epss?cve=CVE-2022-48566
epss	0.00057	https://api.first.org/data/v1/epss?cve=CVE-2022-48566
epss	0.00057	https://api.first.org/data/v1/epss?cve=CVE-2022-48566
epss	0.00057	https://api.first.org/data/v1/epss?cve=CVE-2022-48566
epss	0.00057	https://api.first.org/data/v1/epss?cve=CVE-2022-48566
epss	0.00057	https://api.first.org/data/v1/epss?cve=CVE-2022-48566
epss	0.00057	https://api.first.org/data/v1/epss?cve=CVE-2022-48566
epss	0.00057	https://api.first.org/data/v1/epss?cve=CVE-2022-48566
epss	0.00057	https://api.first.org/data/v1/epss?cve=CVE-2022-48566
epss	0.00057	https://api.first.org/data/v1/epss?cve=CVE-2022-48566
epss	0.00057	https://api.first.org/data/v1/epss?cve=CVE-2022-48566
epss	0.00057	https://api.first.org/data/v1/epss?cve=CVE-2022-48566
epss	0.00057	https://api.first.org/data/v1/epss?cve=CVE-2022-48566
epss	0.00057	https://api.first.org/data/v1/epss?cve=CVE-2022-48566
epss	0.00057	https://api.first.org/data/v1/epss?cve=CVE-2022-48566
epss	0.00057	https://api.first.org/data/v1/epss?cve=CVE-2022-48566
epss	0.00057	https://api.first.org/data/v1/epss?cve=CVE-2022-48566
epss	0.00057	https://api.first.org/data/v1/epss?cve=CVE-2022-48566
epss	0.00057	https://api.first.org/data/v1/epss?cve=CVE-2022-48566
epss	0.00057	https://api.first.org/data/v1/epss?cve=CVE-2022-48566
epss	0.00057	https://api.first.org/data/v1/epss?cve=CVE-2022-48566
epss	0.00057	https://api.first.org/data/v1/epss?cve=CVE-2022-48566
epss	0.00057	https://api.first.org/data/v1/epss?cve=CVE-2022-48566
epss	0.00057	https://api.first.org/data/v1/epss?cve=CVE-2022-48566
epss	0.00057	https://api.first.org/data/v1/epss?cve=CVE-2022-48566
epss	0.00057	https://api.first.org/data/v1/epss?cve=CVE-2022-48566
epss	0.00057	https://api.first.org/data/v1/epss?cve=CVE-2022-48566
epss	0.00057	https://api.first.org/data/v1/epss?cve=CVE-2022-48566
epss	0.00057	https://api.first.org/data/v1/epss?cve=CVE-2022-48566
epss	0.00057	https://api.first.org/data/v1/epss?cve=CVE-2022-48566
epss	0.00057	https://api.first.org/data/v1/epss?cve=CVE-2022-48566
epss	0.00057	https://api.first.org/data/v1/epss?cve=CVE-2022-48566
epss	0.00057	https://api.first.org/data/v1/epss?cve=CVE-2022-48566
epss	0.00057	https://api.first.org/data/v1/epss?cve=CVE-2022-48566
epss	0.00057	https://api.first.org/data/v1/epss?cve=CVE-2022-48566
epss	0.00057	https://api.first.org/data/v1/epss?cve=CVE-2022-48566
epss	0.00057	https://api.first.org/data/v1/epss?cve=CVE-2022-48566
epss	0.00057	https://api.first.org/data/v1/epss?cve=CVE-2022-48566
epss	0.00057	https://api.first.org/data/v1/epss?cve=CVE-2022-48566
epss	0.00057	https://api.first.org/data/v1/epss?cve=CVE-2022-48566
epss	0.00057	https://api.first.org/data/v1/epss?cve=CVE-2022-48566
epss	0.00057	https://api.first.org/data/v1/epss?cve=CVE-2022-48566
epss	0.00057	https://api.first.org/data/v1/epss?cve=CVE-2022-48566
epss	0.00057	https://api.first.org/data/v1/epss?cve=CVE-2022-48566
epss	0.00057	https://api.first.org/data/v1/epss?cve=CVE-2022-48566
epss	0.00057	https://api.first.org/data/v1/epss?cve=CVE-2022-48566
epss	0.00057	https://api.first.org/data/v1/epss?cve=CVE-2022-48566
epss	0.00057	https://api.first.org/data/v1/epss?cve=CVE-2022-48566
epss	0.00057	https://api.first.org/data/v1/epss?cve=CVE-2022-48566
epss	0.00057	https://api.first.org/data/v1/epss?cve=CVE-2022-48566
epss	0.00057	https://api.first.org/data/v1/epss?cve=CVE-2022-48566
epss	0.00057	https://api.first.org/data/v1/epss?cve=CVE-2022-48566
epss	0.00059	https://api.first.org/data/v1/epss?cve=CVE-2022-48566
epss	0.00059	https://api.first.org/data/v1/epss?cve=CVE-2022-48566
epss	0.00059	https://api.first.org/data/v1/epss?cve=CVE-2022-48566
epss	0.00059	https://api.first.org/data/v1/epss?cve=CVE-2022-48566
epss	0.00059	https://api.first.org/data/v1/epss?cve=CVE-2022-48566
epss	0.00059	https://api.first.org/data/v1/epss?cve=CVE-2022-48566
epss	0.00136	https://api.first.org/data/v1/epss?cve=CVE-2022-48566
epss	0.00136	https://api.first.org/data/v1/epss?cve=CVE-2022-48566
epss	0.00136	https://api.first.org/data/v1/epss?cve=CVE-2022-48566
epss	0.00136	https://api.first.org/data/v1/epss?cve=CVE-2022-48566
epss	0.00136	https://api.first.org/data/v1/epss?cve=CVE-2022-48566
epss	0.00136	https://api.first.org/data/v1/epss?cve=CVE-2022-48566
epss	0.00136	https://api.first.org/data/v1/epss?cve=CVE-2022-48566
epss	0.00136	https://api.first.org/data/v1/epss?cve=CVE-2022-48566
epss	0.00136	https://api.first.org/data/v1/epss?cve=CVE-2022-48566
epss	0.00136	https://api.first.org/data/v1/epss?cve=CVE-2022-48566
epss	0.00136	https://api.first.org/data/v1/epss?cve=CVE-2022-48566
epss	0.00136	https://api.first.org/data/v1/epss?cve=CVE-2022-48566
epss	0.00189	https://api.first.org/data/v1/epss?cve=CVE-2022-48566
epss	0.00189	https://api.first.org/data/v1/epss?cve=CVE-2022-48566
epss	0.00189	https://api.first.org/data/v1/epss?cve=CVE-2022-48566
epss	0.00189	https://api.first.org/data/v1/epss?cve=CVE-2022-48566
epss	0.00255	https://api.first.org/data/v1/epss?cve=CVE-2022-48566
cvssv3.1	5.9	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3	5.9	https://nvd.nist.gov/vuln/detail/CVE-2022-48566
cvssv3	8.1	https://nvd.nist.gov/vuln/detail/CVE-2022-48566
cvssv3.1	5.9	https://nvd.nist.gov/vuln/detail/CVE-2022-48566

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-48566.json
		https://api.first.org/data/v1/epss?cve=CVE-2022-48566
		https://bugs.python.org/issue40791
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48566
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://lists.debian.org/debian-lts-announce/2023/09/msg00022.html
		https://lists.debian.org/debian-lts-announce/2023/10/msg00017.html
		https://security.netapp.com/advisory/ntap-20231006-0013/
2238753		https://bugzilla.redhat.com/show_bug.cgi?id=2238753
cpe:2.3:a:netapp:active_iq_unified_manager:-:::::vmware_vsphere::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:active_iq_unified_manager:-:::::vmware_vsphere::
cpe:2.3:a:netapp:active_iq_unified_manager:-:::::windows::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:active_iq_unified_manager:-:::::windows::
cpe:2.3:a:netapp:converged_systems_advisor_agent:-:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:converged_systems_advisor_agent:-:::::::*
cpe:2.3:a:python:python::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:python::::::::
cpe:2.3:o:debian:debian_linux:10.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:::::::*
CVE-2022-48566		https://nvd.nist.gov/vuln/detail/CVE-2022-48566
USN-6400-1		https://usn.ubuntu.com/6400-1/
USN-6891-1		https://usn.ubuntu.com/6891-1/
USN-7180-1		https://usn.ubuntu.com/7180-1/

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-48566.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2022-48566

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-48566

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2022-48566

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.14797
EPSS Score	0.00057
Published At	March 28, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
There are no relevant records.