Rally CVE-2022-37454

Article ID: 253352

Products

CA Agile Central SaaS (Rally)

Issue/Introduction

The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface.

Additional information regarding this vulnerability can be found here: https://nvd.nist.gov/vuln/detail/CVE-2022-37454

Resolution

Rally does not have SHA-3 enabled on SSH and is therefore not affected by this vulnerability.