Description

An issue was discovered in compare_digest in Lib/hmac.py in Python through 3.9.1. Constant-time-defeating optimisations were possible in the accumulator variable in hmac.compare_digest.

Remediation

References

CVE-2022-48566

Related Vulnerabilities

Drupal Core 8.0.x Multiple Vulnerabilities (8.0.0 - 8.0.3)

WordPress Plugin MemberSonic Lite Security Bypass (1.2)

Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-5480)

WordPress Plugin User Role Editor Cross-Site Scripting (4.37)

WordPress Plugin ALO EasyMail Newsletter Multiple Cross-Site Scripting Vulnerabilities (2.4.7)

Severity

High

Classification

CVE-2022-48566 CWE-362 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities