Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5.9
CVSSv3

CVE-2022-48566

Published: 22/08/2023 Updated: 13/10/2023
CVSS v3 Base Score: 5.9 | Impact Score: 3.6 | Exploitability Score: 2.2
VMScore: 0
Subscribe to Python

Vulnerability Summary

An issue exists in compare_digest in Lib/hmac.py in Python up to and including 3.9.1. Constant-time-defeating optimisations were possible in the accumulator variable in hmac.compare_digest.

Vulnerable Product Search on Vulmon Subscribe to Product

python python

debian debian linux 10.0

netapp active iq unified manager -

netapp converged systems advisor agent -

Vendor Advisories

Amazon Linux 2: ALAS-2024-2400
An issue was discovered in compare_digest in Lib/hmacpy in Python through 391 Constant-time-defeating optimisations were possible in the accumulator variable in hmaccompare_digest (CVE-2022-48566) ...

References

CWE-362https://bugs.python.org/issue40791https://lists.debian.org/debian-lts-announce/2023/09/msg00022.htmlhttps://security.netapp.com/advisory/ntap-20231006-0013/https://lists.debian.org/debian-lts-announce/2023/10/msg00017.htmlhttps://nvd.nist.govhttps://alas.aws.amazon.com/AL2/ALAS-2024-2400.html
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversalCVE-2024-26978CVE-2024-26982wirelessCVE-2023-6949CVE-2024-26980CVE-2024-32766CVE-2024-26939cache poisoning
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook