← volver
CVE-2026-39892

cryptography has a buffer overflow if non-contiguous buffers were passed to APIs

CVSS 6.9 MEDIUMEPSS 0.5%CWE-119
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. From 45.0.0 to before 46.0.7, if a non-contiguous buffer was passed to APIs which accepted Python buffers (e.g. Hash.update()), this could lead to buffer overflows. This vulnerability is fixed in 46.0.7.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
Productos afectados
pyca · cryptography

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://github.com/pyca/cryptography/security/advisories/GHSA-p423-j2cm-9vmqhttp://www.openwall.com/lists/oss-security/2026/04/08/12