Critical Buffer Overflow in Keccak XKCP SHA-3 Implementation (CVE-2022-37454)

Executive Summary

CVE-2022-37454 is a critical buffer overflow vulnerability affecting implementations of the SHA-3 cryptographic hash function, specifically within the Keccak XKCP SHA-3 reference implementation. This vulnerability arises from an integer overflow that leads to a buffer overflow, potentially allowing attackers to execute arbitrary code or compromise the cryptographic properties of the SHA-3 hash function. The vulnerability is present in the sponge function interface of the implementation. While there are no specific APT groups or targeted sectors and countries associated with this vulnerability, its potential impact on cryptographic systems makes it a significant concern for any organization relying on SHA-3 implementations.

Technical Information

The vulnerability, identified as CVE-2022-37454, is rooted in the Keccak XKCP SHA-3 reference implementation. It is classified under CWE-190: Integer Overflow or Wraparound. The issue arises when processing data sizes that exceed the capacity of a 32-bit integer, leading to a buffer overflow. The vulnerability is particularly relevant on systems where Python is linked against OpenSSL versions prior to 1.1.1, because the vulnerable _sha3 module is then used instead of the OpenSSL-provided implementation.

Affected systems include Python versions from 3.6.0 up to (excluding) 3.11.0 when using the vulnerable _sha3 module, PHP versions from 7.2.0 up to (excluding) 7.4.33, 8.0.0 up to (excluding) 8.0.25, and 8.1.0 up to (excluding) 8.1.12. Additionally, systems using the Keccak XKCP SHA-3 reference implementation before commit fdc6fef and various distributions and software packages that rely on the vulnerable SHA-3 implementation, including certain versions of Debian (10.0, 11.0) and Fedora (35, 36), are affected.

A proof of concept for this vulnerability has been demonstrated using Python and PHP scripts that cause a segmentation fault by attempting to write more data to a buffer than it can hold. This behavior is unexpected in "safe" languages like Python and PHP, highlighting the underlying issue in the C language implementation.

Exploitation in the Wild

The vulnerability has been actively discussed in the cybersecurity community, with proof-of-concept exploits available. The vulnerability can be exploited to create preimages, violating the cryptographic integrity of the hash function. There are no confirmed reports of this vulnerability being exploited in the wild for malicious purposes, but the potential for exploitation remains high due to the critical nature of the vulnerability.

APT Groups using this vulnerability

Currently, there are no specific APT groups known to be exploiting CVE-2022-37454. However, given the vulnerability's potential impact on cryptographic systems, it remains a significant concern for organizations relying on SHA-3 implementations.

Affected Product Versions

The affected product versions include Python versions from 3.6.0 up to (excluding) 3.11.0 when using the vulnerable _sha3 module, PHP versions from 7.2.0 up to (excluding) 7.4.33, 8.0.0 up to (excluding) 8.0.25, and 8.1.0 up to (excluding) 8.1.12. Systems using the Keccak XKCP SHA-3 reference implementation before commit fdc6fef and various distributions and software packages that rely on the vulnerable SHA-3 implementation, including certain versions of Debian (10.0, 11.0) and Fedora (35, 36), are also affected.

Workaround and Mitigation

To mitigate the risk posed by CVE-2022-37454, organizations should upgrade to Python 3.11 or later, which uses the tiny_sha3 implementation and is not affected by this vulnerability. Patches provided by the XKCP project and other vendors should be applied to address the buffer overflow in affected systems. For systems unable to upgrade, it is recommended to ensure that Python is linked against OpenSSL 1.1.1 or later to use the non-vulnerable SHA-3 implementation.
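
One way to check a given interpreter against the Python version range and OpenSSL guidance above (an added example, not code from the XKCP project, CPython or Rescana). It assumes CPython, where the type of a hashlib.sha3_256() object reports the module that provides it, and that the ssl module is linked against the same OpenSSL as hashlib; the verdict labels are hypothetical names.

```python
import hashlib
import sys

AFFECTED_FROM = (3, 6, 0)  # first affected Python release, per the advisory
FIXED_IN = (3, 11, 0)      # first unaffected Python release, per the advisory
OPENSSL_OK = (1, 1, 1)     # OpenSSL release the advisory names as the safe baseline


def assess(py_version, openssl_version, sha3_backend):
    """Classify an interpreter from three facts and return a verdict label."""
    if not (AFFECTED_FROM <= tuple(py_version[:3]) < FIXED_IN):
        return "not_affected"
    if sha3_backend == "_sha3":
        # hashlib is serving SHA-3 from the bundled _sha3 module
        return "affected"
    if tuple(openssl_version[:3]) >= OPENSSL_OK:
        # SHA-3 comes from another provider and OpenSSL meets the baseline
        return "mitigated"
    # Backend not identified and OpenSSL old or unknown: inspect by hand
    return "review"


def local_facts():
    """Collect (python version, OpenSSL version, SHA-3 backend module) locally."""
    try:
        import ssl
        openssl_version = tuple(ssl.OPENSSL_VERSION_INFO[:3])
    except ImportError:
        openssl_version = (0, 0, 0)  # build without ssl: version unknown
    # Assumption: on CPython this is "_hashlib" for OpenSSL-backed objects
    # and "_sha3" for the bundled module.
    backend = type(hashlib.sha3_256()).__module__
    return tuple(sys.version_info[:3]), openssl_version, backend


if __name__ == "__main__":
    facts = local_facts()
    print("python=%s openssl=%s sha3_backend=%s" % facts)
    print("verdict:", assess(*facts))
```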

Rescana is here for you

At Rescana, we are committed to helping our customers navigate the complex landscape of cybersecurity threats. Our Continuous Threat and Exposure Management (CTEM) platform is designed to provide comprehensive insights into potential vulnerabilities and threats, enabling organizations to proactively manage their security posture. We are happy to answer any questions you might have about this report or any other issue at ops@rescana.com.
