CVE-2022-48566

An issue was discovered in compare_digest in Lib/hmac.py in Python through 3.9.1. Constant-time-defeating optimisations were possible in the accumulator variable in hmac.compare_digest.
Race Condition
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.9 MEDIUM
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 25%
Affected Products (NVD)
VendorProductVersion
pythonpython
𝑥
< 3.6.13
pythonpython
3.7.0 ≤
𝑥
< 3.7.10
pythonpython
3.8.0 ≤
𝑥
< 3.8.7
pythonpython
3.9.0 ≤
𝑥
< 3.9.1
debiandebian_linux
10.0
netappactive_iq_unified_manager
-
netappactive_iq_unified_manager
-
netappconverged_systems_advisor_agent
-
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
pypy3
bookworm
7.3.11+dfsg-2+deb12u2
fixed
bullseye
7.3.5+dfsg-2+deb11u2
fixed
bullseye (security)
7.3.5+dfsg-2+deb11u2
fixed
sid
7.3.17+dfsg-2
fixed
trixie
7.3.17+dfsg-2
fixed
python2.7
bullseye
2.7.18-8+deb11u1
fixed
python3.9
bullseye
3.9.2-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
python
bionic
ignored
focal
dne
jammy
dne
lunar
dne
mantic
dne
noble
dne
trusty
ignored
xenial
ignored
python2.7
bionic
Fixed 2.7.17-1~18.04ubuntu1.13+esm2
released
focal
needs-triage
jammy
needs-triage
lunar
dne
mantic
dne
noble
dne
trusty
needs-triage
xenial
Fixed 2.7.12-1ubuntu0~16.04.18+esm7
released
python3.10
bionic
dne
focal
dne
jammy
not-affected
lunar
dne
mantic
dne
noble
dne
trusty
dne
xenial
dne
python3.11
bionic
dne
focal
dne
jammy
not-affected
lunar
not-affected
mantic
not-affected
noble
dne
trusty
dne
xenial
dne
python3.12
bionic
dne
focal
dne
jammy
dne
lunar
dne
mantic
not-affected
noble
not-affected
trusty
dne
xenial
dne
python3.4
bionic
dne
focal
dne
jammy
dne
lunar
dne
mantic
dne
noble
dne
trusty
needed
xenial
dne
python3.5
bionic
dne
focal
dne
jammy
dne
lunar
dne
mantic
dne
noble
dne
trusty
Fixed 3.5.2-2ubuntu0~16.04.4~14.04.1+esm1
released
xenial
Fixed 3.5.2-2ubuntu0~16.04.13+esm11
released
python3.6
bionic
Fixed 3.6.9-1~18.04ubuntu1.13+esm2
released
focal
dne
jammy
dne
lunar
dne
mantic
dne
noble
dne
trusty
dne
xenial
dne
python3.7
bionic
Fixed 3.7.5-2ubuntu1~18.04.2+esm3
released
focal
dne
jammy
dne
lunar
dne
mantic
dne
noble
dne
trusty
dne
xenial
dne
python3.8
bionic
Fixed 3.8.0-3ubuntu1~18.04.2+esm2
released
focal
Fixed 3.8.10-0ubuntu1~20.04
released
jammy
dne
lunar
dne
mantic
dne
noble
dne
trusty
dne
xenial
dne
python3.9
bionic
dne
focal
not-affected
jammy
dne
lunar
dne
mantic
dne
noble
dne
trusty
dne
xenial
dne
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
libpython2_7-1_0
suse enterprise sap 12 SP5
2.7.18-33.26.1
fixed
suse enterprise server 12 SP3
2.7.18-28.105.1
fixed
suse enterprise server 12 SP5
2.7.18-33.26.1
fixed
libpython2_7-1_0-32bit
suse enterprise sap 12 SP5
2.7.18-33.26.1
fixed
suse enterprise server 12 SP3
2.7.18-28.105.1
fixed
suse enterprise server 12 SP5
2.7.18-33.26.1
fixed
libpython3_6m1_0
suse enterprise desktop 15 SP5
3.6.15-150300.10.57.1
fixed
suse enterprise desktop 15 SP6
3.6.15-150300.10.57.1
fixed
suse enterprise desktop 15 SP7
3.6.15-150300.10.57.1
fixed
suse enterprise sap 12 SP5
3.6.15-55.1
fixed
suse enterprise sap 15 SP5
3.6.15-150300.10.57.1
fixed
suse enterprise sap 15 SP6
3.6.15-150300.10.57.1
fixed
suse enterprise sap 15 SP7
3.6.15-150300.10.57.1
fixed
suse enterprise server 12 SP3
3.6.15-6.100.1
fixed
suse enterprise server 12 SP5
3.6.15-55.1
fixed
suse enterprise server 15 SP3
3.6.15-150300.10.57.1
fixed
suse enterprise server 15 SP4
3.6.15-150300.10.57.1
fixed
suse enterprise server 15 SP5
3.6.15-150300.10.57.1
fixed
suse enterprise server 15 SP6
3.6.15-150300.10.57.1
fixed
suse enterprise server 15 SP7
3.6.15-150300.10.57.1
fixed
libpython3_6m1_0-32bit
suse enterprise sap 12 SP5
3.6.15-55.1
fixed
suse enterprise server 12 SP5
3.6.15-55.1
fixed
python
suse enterprise sap 12 SP5
2.7.18-33.26.1
fixed
suse enterprise server 12 SP3
2.7.18-28.105.1
fixed
suse enterprise server 12 SP5
2.7.18-33.26.1
fixed
python-32bit
suse enterprise sap 12 SP5
2.7.18-33.26.1
fixed
suse enterprise server 12 SP3
2.7.18-28.105.1
fixed
suse enterprise server 12 SP5
2.7.18-33.26.1
fixed
python-base
suse enterprise sap 12 SP5
2.7.18-33.26.1
fixed
suse enterprise server 12 SP3
2.7.18-28.105.1
fixed
suse enterprise server 12 SP5
2.7.18-33.26.1
fixed
python-base-32bit
suse enterprise sap 12 SP5
2.7.18-33.26.1
fixed
suse enterprise server 12 SP3
2.7.18-28.105.1
fixed
suse enterprise server 12 SP5
2.7.18-33.26.1
fixed
python-curses
suse enterprise sap 12 SP5
2.7.18-33.26.1
fixed
suse enterprise server 12 SP3
2.7.18-28.105.1
fixed
suse enterprise server 12 SP5
2.7.18-33.26.1
fixed
python-demo
suse enterprise sap 12 SP5
2.7.18-33.26.1
fixed
suse enterprise server 12 SP3
2.7.18-28.105.1
fixed
suse enterprise server 12 SP5
2.7.18-33.26.1
fixed
python-devel
suse enterprise sap 12 SP5
2.7.18-33.26.1
fixed
suse enterprise server 12 SP3
2.7.18-28.105.1
fixed
suse enterprise server 12 SP5
2.7.18-33.26.1
fixed
python-doc
suse enterprise sap 12 SP5
2.7.18-33.26.1
fixed
suse enterprise server 12 SP3
2.7.18-28.105.1
fixed
suse enterprise server 12 SP5
2.7.18-33.26.1
fixed
python-doc-pdf
suse enterprise sap 12 SP5
2.7.18-33.26.1
fixed
suse enterprise server 12 SP3
2.7.18-28.105.1
fixed
suse enterprise server 12 SP5
2.7.18-33.26.1
fixed
python-gdbm
suse enterprise sap 12 SP5
2.7.18-33.26.1
fixed
suse enterprise server 12 SP3
2.7.18-28.105.1
fixed
suse enterprise server 12 SP5
2.7.18-33.26.1
fixed
python-idle
suse enterprise sap 12 SP5
2.7.18-33.26.1
fixed
suse enterprise server 12 SP3
2.7.18-28.105.1
fixed
suse enterprise server 12 SP5
2.7.18-33.26.1
fixed
python-tk
suse enterprise sap 12 SP5
2.7.18-33.26.1
fixed
suse enterprise server 12 SP3
2.7.18-28.105.1
fixed
suse enterprise server 12 SP5
2.7.18-33.26.1
fixed
python-xml
suse enterprise sap 12 SP5
2.7.18-33.26.1
fixed
suse enterprise server 12 SP3
2.7.18-28.105.1
fixed
suse enterprise server 12 SP5
2.7.18-33.26.1
fixed
python3
suse enterprise desktop 15 SP5
3.6.15-150300.10.57.1
fixed
suse enterprise desktop 15 SP6
3.6.15-150300.10.57.1
fixed
suse enterprise desktop 15 SP7
3.6.15-150300.10.57.1
fixed
suse enterprise sap 15 SP5
3.6.15-150300.10.57.1
fixed
suse enterprise sap 15 SP6
3.6.15-150300.10.57.1
fixed
suse enterprise sap 15 SP7
3.6.15-150300.10.57.1
fixed
suse enterprise server 15 SP3
3.6.15-150300.10.57.1
fixed
suse enterprise server 15 SP4
3.6.15-150300.10.57.1
fixed
suse enterprise server 15 SP5
3.6.15-150300.10.57.1
fixed
suse enterprise server 15 SP6
3.6.15-150300.10.57.1
fixed
suse enterprise server 15 SP7
3.6.15-150300.10.57.1
fixed
python3-base
suse enterprise desktop 15 SP5
3.6.15-150300.10.57.1
fixed
suse enterprise desktop 15 SP6
3.6.15-150300.10.57.1
fixed
suse enterprise desktop 15 SP7
3.6.15-150300.10.57.1
fixed
suse enterprise sap 15 SP5
3.6.15-150300.10.57.1
fixed
suse enterprise sap 15 SP6
3.6.15-150300.10.57.1
fixed
suse enterprise sap 15 SP7
3.6.15-150300.10.57.1
fixed
suse enterprise server 15 SP3
3.6.15-150300.10.57.1
fixed
suse enterprise server 15 SP4
3.6.15-150300.10.57.1
fixed
suse enterprise server 15 SP5
3.6.15-150300.10.57.1
fixed
suse enterprise server 15 SP6
3.6.15-150300.10.57.1
fixed
suse enterprise server 15 SP7
3.6.15-150300.10.57.1
fixed
python3-curses
suse enterprise desktop 15 SP5
3.6.15-150300.10.57.1
fixed
suse enterprise desktop 15 SP6
3.6.15-150300.10.57.1
fixed
suse enterprise desktop 15 SP7
3.6.15-150300.10.57.1
fixed
suse enterprise sap 15 SP5
3.6.15-150300.10.57.1
fixed
suse enterprise sap 15 SP6
3.6.15-150300.10.57.1
fixed
suse enterprise sap 15 SP7
3.6.15-150300.10.57.1
fixed
suse enterprise server 15 SP3
3.6.15-150300.10.57.1
fixed
suse enterprise server 15 SP4
3.6.15-150300.10.57.1
fixed
suse enterprise server 15 SP5
3.6.15-150300.10.57.1
fixed
suse enterprise server 15 SP6
3.6.15-150300.10.57.1
fixed
suse enterprise server 15 SP7
3.6.15-150300.10.57.1
fixed
python3-dbm
suse enterprise desktop 15 SP5
3.6.15-150300.10.57.1
fixed
suse enterprise desktop 15 SP6
3.6.15-150300.10.57.1
fixed
suse enterprise desktop 15 SP7
3.6.15-150300.10.57.1
fixed
suse enterprise sap 15 SP5
3.6.15-150300.10.57.1
fixed
suse enterprise sap 15 SP6
3.6.15-150300.10.57.1
fixed
suse enterprise sap 15 SP7
3.6.15-150300.10.57.1
fixed
suse enterprise server 15 SP3
3.6.15-150300.10.57.1
fixed
suse enterprise server 15 SP4
3.6.15-150300.10.57.1
fixed
suse enterprise server 15 SP5
3.6.15-150300.10.57.1
fixed
suse enterprise server 15 SP6
3.6.15-150300.10.57.1
fixed
suse enterprise server 15 SP7
3.6.15-150300.10.57.1
fixed
python3-devel
suse enterprise desktop 15 SP5
3.6.15-150300.10.57.1
fixed
suse enterprise desktop 15 SP6
3.6.15-150300.10.57.1
fixed
suse enterprise desktop 15 SP7
3.6.15-150300.10.57.1
fixed
suse enterprise sap 15 SP5
3.6.15-150300.10.57.1
fixed
suse enterprise sap 15 SP6
3.6.15-150300.10.57.1
fixed
suse enterprise sap 15 SP7
3.6.15-150300.10.57.1
fixed
suse enterprise server 15 SP3
3.6.15-150300.10.57.1
fixed
suse enterprise server 15 SP4
3.6.15-150300.10.57.1
fixed
suse enterprise server 15 SP5
3.6.15-150300.10.57.1
fixed
suse enterprise server 15 SP6
3.6.15-150300.10.57.1
fixed
suse enterprise server 15 SP7
3.6.15-150300.10.57.1
fixed
python3-idle
suse enterprise desktop 15 SP5
3.6.15-150300.10.57.1
fixed
suse enterprise desktop 15 SP6
3.6.15-150300.10.57.1
fixed
suse enterprise desktop 15 SP7
3.6.15-150300.10.57.1
fixed
suse enterprise sap 15 SP5
3.6.15-150300.10.57.1
fixed
suse enterprise sap 15 SP6
3.6.15-150300.10.57.1
fixed
suse enterprise sap 15 SP7
3.6.15-150300.10.57.1
fixed
suse enterprise server 15 SP3
3.6.15-150300.10.57.1
fixed
suse enterprise server 15 SP4
3.6.15-150300.10.57.1
fixed
suse enterprise server 15 SP5
3.6.15-150300.10.57.1
fixed
suse enterprise server 15 SP6
3.6.15-150300.10.57.1
fixed
suse enterprise server 15 SP7
3.6.15-150300.10.57.1
fixed
python3-tk
suse enterprise desktop 15 SP5
3.6.15-150300.10.57.1
fixed
suse enterprise desktop 15 SP6
3.6.15-150300.10.57.1
fixed
suse enterprise desktop 15 SP7
3.6.15-150300.10.57.1
fixed
suse enterprise sap 15 SP5
3.6.15-150300.10.57.1
fixed
suse enterprise sap 15 SP6
3.6.15-150300.10.57.1
fixed
suse enterprise sap 15 SP7
3.6.15-150300.10.57.1
fixed
suse enterprise server 15 SP3
3.6.15-150300.10.57.1
fixed
suse enterprise server 15 SP4
3.6.15-150300.10.57.1
fixed
suse enterprise server 15 SP5
3.6.15-150300.10.57.1
fixed
suse enterprise server 15 SP6
3.6.15-150300.10.57.1
fixed
suse enterprise server 15 SP7
3.6.15-150300.10.57.1
fixed
python3-tools
suse enterprise server 15 SP3
3.6.15-150300.10.57.1
fixed
suse enterprise server 15 SP4
3.6.15-150300.10.57.1
fixed
python36
suse enterprise sap 12 SP5
3.6.15-55.1
fixed
suse enterprise server 12 SP3
3.6.15-6.100.1
fixed
suse enterprise server 12 SP5
3.6.15-55.1
fixed
python36-base
suse enterprise sap 12 SP5
3.6.15-55.1
fixed
suse enterprise server 12 SP3
3.6.15-6.100.1
fixed
suse enterprise server 12 SP5
3.6.15-55.1
fixed
python36-curses
suse enterprise server 12 SP3
3.6.15-6.100.1
fixed
python36-dbm
suse enterprise server 12 SP3
3.6.15-6.100.1
fixed
python36-devel
suse enterprise server 12 SP3
3.6.15-6.100.1
fixed
python36-idle
suse enterprise server 12 SP3
3.6.15-6.100.1
fixed
python36-testsuite
suse enterprise server 12 SP3
3.6.15-6.100.1
fixed
python36-tk
suse enterprise server 12 SP3
3.6.15-6.100.1
fixed
python36-tools
suse enterprise server 12 SP3
3.6.15-6.100.1
fixed
Common Weakness Enumeration
References
https://bugs.python.org/issue40791
https://lists.debian.org/debian-lts-announce/2023/09/msg00022.html
https://lists.debian.org/debian-lts-announce/2023/10/msg00017.html
https://security.netapp.com/advisory/ntap-20231006-0013/
https://bugs.python.org/issue40791
https://lists.debian.org/debian-lts-announce/2023/09/msg00022.html
https://lists.debian.org/debian-lts-announce/2023/10/msg00017.html
https://security.netapp.com/advisory/ntap-20231006-0013/