Vulnerability Description
An issue was discovered in compare_digest in Lib/hmac.py in Python through 3.9.1. Constant-time-defeating optimisations were possible in the accumulator variable in hmac.compare_digest.
CVSS Score
5.9 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Python | Python | < 3.6.13 |
| Debian | Debian Linux | 10.0 |
| Netapp | Active Iq Unified Manager | - |
| Netapp | Converged Systems Advisor Agent | - |
Related Weaknesses (CWE)
References
- https://bugs.python.org/issue40791 (Exploit, Issue Tracking, Patch)
- https://lists.debian.org/debian-lts-announce/2023/09/msg00022.html (Mailing List, Third Party Advisory)
- https://lists.debian.org/debian-lts-announce/2023/10/msg00017.html (Mailing List, Third Party Advisory)
- https://security.netapp.com/advisory/ntap-20231006-0013/ (Third Party Advisory)
FAQ
What is CVE-2022-48566?
CVE-2022-48566 is a vulnerability with a CVSS score of 5.9 (MEDIUM). An issue was discovered in compare_digest in Lib/hmac.py in Python through 3.9.1. Constant-time-defeating optimisations were possible in the accumulator variable in hmac.compare_digest.
How severe is CVE-2022-48566?
CVE-2022-48566 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS score section above for the severity rating.
Is there a patch for CVE-2022-48566?
Check the references section above for vendor advisories and patch information. Affected products include: Python (Python), Debian Linux (Debian), Active Iq Unified Manager (Netapp), and Converged Systems Advisor Agent (Netapp).