First published: Tue Aug 22 2023(Updated: )
An issue was discovered in compare_digest in Lib/hmac.py in Python through 3.9.1. Constant-time-defeating optimisations were possible in the accumulator variable in hmac.compare_digest.
Credit: cve@mitre.org cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Python Python | <3.6.13 | |
Python Python | >=3.7.0<3.7.10 | |
Python Python | >=3.8.0<3.8.7 | |
Python Python | >=3.9.0<3.9.1 | |
Debian Debian Linux | =10.0 | |
Netapp Active Iq Unified Manager Vmware Vsphere | ||
Netapp Active Iq Unified Manager Windows | ||
Netapp Converged Systems Advisor Agent | ||
debian/pypy3 | 7.3.5+dfsg-2+deb11u2 7.3.5+dfsg-2+deb11u4 7.3.11+dfsg-2+deb12u2 7.3.17+dfsg-3 | |
debian/python2.7 | 2.7.18-8+deb11u1 | |
debian/python3.9 | 3.9.2-1 3.9.2-1+deb11u2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2022-48566 is a vulnerability discovered in Python through 3.9.1 that allows for constant-time-defeating optimizations in the accumulator variable of hmac.compare_digest.
CVE-2022-48566 has a severity score of 8.1, which is classified as high.
Python versions 3.6.0 through 3.9.1 are affected. Additionally, specific versions of Python 2.7 and 3.5 for Ubuntu and Python 2.7, 3.7, and 3.9 for Debian are also affected.
To fix CVE-2022-48566, update your Python installation to the latest patched version available for your operating system.
More information about CVE-2022-48566 can be found at the following references: [1] [2] [3]