CVE-2022-37454

Buffer overflow in the _sha3 module in Python 3.10 and older

Description

The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface.

Patch Available

Fix available through Seal Security.  
No upgrade required, protect your application instantly.

Fix without upgrading

Score

Severity

Ecosystem

Python

Publish Date

October 20, 2022

Modified Date

October 8, 2025

Score Vector

Affected Versions