CVE-2022-48566
CVSS 3.1 Score 5.9 of 10 (medium)
Details
Summary
CVE-2022-48566 is a vulnerability affecting Python versions up to 3.9.1. It lies in the compare_digest function within Lib/hmac.py, where constant-time-defeating optimizations were possible in the accumulator variable. If exploited, this weakness could enable attackers to obtain sensitive information, such as cryptographic keys, through timing side-channel attacks. The vulnerability does not affect the integrity or confidentiality of the data being hashed, but rather the comparison of two hashes. It is important to note that an attacker would need access to the system or application using the affected Python version in order to attempt an exploit. Upgrading to a newer version of Python is recommended to mitigate this risk.
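As an added illustration, not CPython's own code, the following C function shows the accumulator pattern the summary refers to: every byte is visited and the differences are OR-ed into one accumulator, which is declared volatile so the compiler cannot shortcut the loop once a mismatch is known, which is the optimisation this CVE describes. The function name ct_equal and the argument layout are assumptions made for this example.

```c
#include <stddef.h>

/* Constant-time comparison of two byte strings (added example, not
 * CPython's code). Returns 1 when a and b have the same length and
 * contents, 0 otherwise. The running time depends only on blen, never
 * on where the first differing byte sits. */
static int ct_equal(const unsigned char *a, size_t alen,
                    const unsigned char *b, size_t blen)
{
    /* volatile: the compiler must keep every OR into the accumulator,
     * instead of exiting early once it can prove result is non-zero. */
    volatile unsigned char result = 0;
    const unsigned char *left = a;
    size_t i;

    /* Length mismatch: still walk the full length of b so the timing
     * does not reveal the length of a, but force the result to fail. */
    if (alen != blen) {
        left = b;
        result = 1;
    }

    for (i = 0; i < blen; i++) {
        result |= (unsigned char)(left[i] ^ b[i]);
    }

    return result == 0;
}
```

A comparison using memcmp or an early return on the first differing byte would leak, through timing, how many leading bytes of a secret matched.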
Affected Products
- Python
- Debian
Affected Vendors
- Python Software Foundation
- Debian
- NetApp