Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2022-48566

Опубликовано: 22 авг. 2023
Источник: debian

Описание

An issue was discovered in compare_digest in Lib/hmac.py in Python through 3.9.1. Constant-time-defeating optimisations were possible in the accumulator variable in hmac.compare_digest.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
python3.9fixed3.9.1~rc1-1package
python3.7removedpackage
python2.7removedpackage
python2.7fixed2.7.18-8+deb11u1bullseyepackage
pypy3fixed7.3.5+dfsg-2package

Примечания

  • https://bugs.python.org/issue40791

  • https://github.com/python/cpython/commit/8183e11d87388e4e44e3242c42085b87a878f781 (v3.9.0b2)

  • https://github.com/python/cpython/commit/c1bbca5b004b3f74d240ef8a76ff445cc1a27efb (v3.9.1rc1)

  • https://github.com/python/cpython/commit/db95802bdfac4d13db3e2a391ec7b9e2f8d92dbe (v3.7.10)

  • https://github.com/python/cpython/commit/8bef9ebb1b88cfa4b2a38b93fe4ea22015d8254a (v3.6.13)

  • https://github.com/pypy/pypy/commit/5a6b88b9e00053538a4cba1a9b4b92fbe619a33a (release-pypy3.7-v7.3.4rc1)

  • https://github.com/python/cpython/issues/84968

Связанные уязвимости

ubuntu логотип

CVE-2022-48566

CVSS3: 5.9
ubuntu
почти 2 года назад

An issue was discovered in compare_digest in Lib/hmac.py in Python through 3.9.1. Constant-time-defeating optimisations were possible in the accumulator variable in hmac.compare_digest.

redhat логотип

CVE-2022-48566

CVSS3: 5.9
redhat
почти 2 года назад

An issue was discovered in compare_digest in Lib/hmac.py in Python through 3.9.1. Constant-time-defeating optimisations were possible in the accumulator variable in hmac.compare_digest.

nvd логотип

CVE-2022-48566

CVSS3: 5.9
nvd
почти 2 года назад

An issue was discovered in compare_digest in Lib/hmac.py in Python through 3.9.1. Constant-time-defeating optimisations were possible in the accumulator variable in hmac.compare_digest.

github логотип

GHSA-cgfh-jp5w-8cmx

CVSS3: 8.1
github
почти 2 года назад

An issue was discovered in compare_digest in Lib/hmac.py in Python through 3.9.1. Constant-time-defeating optimisations were possible in the accumulator variable in hmac.compare_digest.

fstec логотип

BDU:2023-06654

CVSS3: 8.1
fstec
больше 2 лет назад

Уязвимость функции hmac.compare_digest библиотеки Lib/hmac.py интерпретатора языка программирования Python, позволяющая нарушителю повысить свои привилегии