Python 3.9.1 HMAC.compare_digest Constant-Time Defeat via Accumulator
CVE-2022-48566 Published on August 22, 2023

An issue was discovered in compare_digest in Lib/hmac.py in Python through 3.9.1. Constant-time-defeating optimisations were possible in the accumulator variable in hmac.compare_digest.

NVD

Products Associated with CVE-2022-48566

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2022-48566 are published in these products:

Python

Debian Linux

NetApp Active Iq Unified Manager

NetApp Converged Systems Advisor Agent

Canonical Ubuntu Linux

Exploit Probability

EPSS

0.10%

Percentile

27.18%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

Python 3.9.1 HMAC.compare_digest Constant-Time Defeat via AccumulatorCVE-2022-48566 Published on August 22, 2023

Products Associated with CVE-2022-48566

Exploit Probability

Python 3.9.1 HMAC.compare_digest Constant-Time Defeat via Accumulator
CVE-2022-48566 Published on August 22, 2023