First published: Wed Nov 29 2023(Updated: )
Nicky Mouha discovered that pysha incorrectly handled certain SHA-3 operations. An attacker could possibly use this issue to cause pysha3 to crash, resulting in a denial of service, or possibly execute arbitrary code.
Affected Software | Affected Version | How to fix |
---|---|---|
All of | ||
ubuntu/python3-sha3 | <1.0.2-4.2ubuntu0.22.04.1 | 1.0.2-4.2ubuntu0.22.04.1 |
=22.04 | ||
All of | ||
ubuntu/python3-sha3 | <1.0.2-4ubuntu0.1 | 1.0.2-4ubuntu0.1 |
=20.04 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID of USN-6525-1 is CVE-2022-37454.
The pysha3 vulnerability can result in a denial of service or possible execution of arbitrary code.
The pysha3 vulnerability affects python3-sha3 version 1.0.2-4.2ubuntu0.22.04.1 on Ubuntu 22.04 and version 1.0.2-4ubuntu0.1 on Ubuntu 20.04.
To fix the pysha3 vulnerability, update the python3-sha3 package to the recommended version provided by Ubuntu.
You can find more information about the pysha3 vulnerability in the Ubuntu security notices USN-5717-1 and USN-5767-1.