CVE-2022-37454
Python vulnerability analysis and mitigation

Overview

The Keccak XKCP SHA-3 reference implementation before commit fdc6fef contains a critical buffer overflow vulnerability (CVE-2022-37454) discovered by Nicky Mouha. The vulnerability exists in the sponge function interface and allows attackers to execute arbitrary code or eliminate expected cryptographic properties through an integer overflow that results in a buffer overflow (XKCP Advisory, IACR Paper).

Technical details

The vulnerability stems from an integer overflow in the buffer handling code when processing partial inputs. The issue occurs when handling partial blocks with specific sizes, where at least one has a length of 2^32 - 200 bytes or more. The vulnerability manifests when two partial inputs are processed, with the first being a small input (e.g., 1 byte) followed by a large input near the 32-bit integer limit (SHA-3 Blog). This allows attackers to write beyond buffer boundaries, potentially leading to arbitrary code execution.

Impact

The vulnerability can lead to arbitrary code execution, information disclosure, and the ability to eliminate cryptographic properties of the hash function. It affects multiple programming languages and platforms that incorporated the XKCP code, including Python, PHP, PyPy, and other implementations that use the reference code. The vulnerability could also impact cryptographic algorithms that require SHA-3 or its variants, such as the Edwards-curve Digital Signature Algorithm (EdDSA) when using the Edwards448 curve (IACR Paper).

Mitigation and workarounds

The vulnerability has been patched in the XKCP reference implementation with commit fdc6fef. Major programming languages and platforms have released updates to address this issue, including Python (versions 3.8.16, 3.9.16, 3.10.9), PHP (versions 7.4.33, 8.0.25, 8.1.12), and PyPy. Users are strongly advised to upgrade to the patched versions. As a workaround, users can limit the size of partial input data below 2^32 - 200 bytes or process the entire input at once to avoid the queuing functions (XKCP Advisory).
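The two mitigations above can be expressed as a version check plus a bounded-update wrapper around `hashlib`. This is an added example, not code from XKCP, CPython or the advisory; the names `patch_status` and `bounded_update` and the 1 MiB default chunk size are assumptions made for illustration.

```python
import hashlib

# Limit stated in the advisory workaround: keep each partial input below this.
PARTIAL_INPUT_LIMIT = 2**32 - 200

# First fixed release per branch, exactly as listed on this page.
FIXED_RELEASES = {(3, 8): (3, 8, 16), (3, 9): (3, 9, 16), (3, 10): (3, 10, 9)}


def patch_status(version):
    """Return True/False for branches listed on the page, None otherwise."""
    version = tuple(version[:3])
    fixed = FIXED_RELEASES.get(version[:2])
    if fixed is None:
        return None  # branch not covered by the page's list: check vendor notes
    return version >= fixed


def bounded_update(hasher, data, max_chunk=1 << 20):
    """Feed data to hasher in slices that stay below the partial-input limit."""
    if not 0 < max_chunk < PARTIAL_INPUT_LIMIT:
        raise ValueError("max_chunk must be between 1 and 2**32 - 201")
    view = memoryview(data).cast("B")  # zero-copy, byte-addressed slicing
    for offset in range(0, len(view), max_chunk):
        hasher.update(view[offset:offset + max_chunk])
    return hasher


if __name__ == "__main__":
    import sys

    print("interpreter patched:", patch_status(sys.version_info))
    sample = b"constructed sample input " * 1000  # constructed test data
    digest = bounded_update(hashlib.sha3_256(), sample, max_chunk=4096)
    print(digest.hexdigest())
```

Chunking does not change the digest, so the wrapper can replace direct `update()` calls on interpreters that cannot be upgraded immediately.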

Community reactions

The discovery sparked significant discussion in the cryptographic community, particularly regarding the implementation of cryptographic standards and the importance of thorough security testing. The vulnerability remained undetected for over a decade despite the widespread use of the code, leading to discussions about the need for more rigorous security auditing of cryptographic implementations (HackerNews).

This report was generated using AI.
