9.8
CVE-2026-39892
- EPSS 0.65%
- Veröffentlicht 08.04.2026 20:49:41
- Zuletzt bearbeitet 10.07.2026 12:16:46
- Quelle security-advisories@github.com
- CVE-Watchlists
- Unerledigt
cryptography has a buffer overflow if non-contiguous buffers were passed to APIs
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. From 45.0.0 to before 46.0.7, if a non-contiguous buffer was passed to APIs which accepted Python buffers (e.g. Hash.update()), this could lead to buffer overflows. This vulnerability is fixed in 46.0.7.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Cryptography.Io ≫ Cryptography SwPlatformpython Version >= 45.0.0 < 46.0.7
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.65% | 0.466 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| security-advisories@github.com | 6.9 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
| 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | 7.3 | 3.9 | 3.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
|
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
CWE-131 Incorrect Calculation of Buffer Size
The product does not correctly calculate the size to be used when allocating a buffer, which could lead to a buffer overflow.
http://www.openwall.com/lists/oss-security/2026/04/08/12
https://bugzilla.redhat.com/show_bug.cgi?id=2456735
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-39892.json
https://access.redhat.com/errata/RHSA-2026:19375
https://access.redhat.com/errata/RHSA-2026:21017
https://access.redhat.com/errata/RHSA-2026:23361
https://access.redhat.com/errata/RHSA-2026:24977
https://access.redhat.com/errata/RHSA-2026:24853
https://access.redhat.com/errata/RHSA-2026:30088
https://access.redhat.com/errata/RHSA-2026:30089
https://access.redhat.com/errata/RHSA-2026:22465
https://access.redhat.com/errata/RHSA-2026:22840
https://access.redhat.com/errata/RHSA-2026:24761
https://access.redhat.com/errata/RHSA-2026:24762
https://access.redhat.com/errata/RHSA-2026:20338
https://access.redhat.com/errata/RHSA-2026:22629
https://access.redhat.com/errata/RHSA-2026:24483
https://access.redhat.com/errata/RHSA-2026:24866
https://access.redhat.com/errata/RHSA-2026:37275
https://github.com/pyca/cryptography/security/advisories/GHSA-p423-j2cm-9vmq
https://access.redhat.com/errata/RHSA-2026:7295
https://access.redhat.com/security/cve/CVE-2026-39892