[CVE-2022-37454] Buffer overflow in the _sha3 module in python versions <= 3.10

[botovq]

CVE-2022-37454 affects Python versions prior to 3.11. The fix discussed in XKCP's advisory can be adapted to these versions. The discoverer's writeup contains code that might be turned into regression tests.

Python 3.11 and later switched to using tiny_sha3 in GH-32060, so they should not be affected.

Linked PRs

• [3.10] gh-98517: Fix buffer overflows in _sha3 module #98519
• [3.9] gh-98517: Fix buffer overflows in _sha3 module (GH-98519) #98526
• [3.8] gh-98517: Fix buffer overflows in _sha3 module (GH-98519) #98527
• [3.7] gh-98517: Fix buffer overflows in _sha3 module (GH-98519) #98528

[gpshead]

Scope: When Python is linked against OpenSSL 1.1.1 or later, which is true on many modern systems, the OpenSSL provided sha3 implementation will be used instead of the vulnerable bundled _sha3 XKCP module code.

You can tell if your Python 3.10 or earlier is vulnerable by doing the following:

A potentially vulnerable Python if unpatched looks like this:

>>> import hashlib
>>> hashlib.sha3_224
<class '_sha3.sha3_224'>

A non-vulnerable Python looks like this:

>>> import hashlib
>>> hashlib.sha3_224
<built-in function openssl_sha3_224>

Edit update: Python 3.8 and earlier did not delegate sha3 to OpenSSL regardless of version, so those are vulnerable.