9.8

CVE-2026-39892

cryptography has a buffer overflow if non-contiguous buffers were passed to APIs

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. From 45.0.0 to before 46.0.7, if a non-contiguous buffer was passed to APIs which accepted Python buffers (e.g. Hash.update()), this could lead to buffer overflows. This vulnerability is fixed in 46.0.7.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Cryptography.IoCryptography SwPlatformpython Version >= 45.0.0 < 46.0.7
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.65% 0.466
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
security-advisories@github.com 6.9 0 0
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
0b0ca135-0b70-47e7-9f44-1890c2a1c46c 7.3 3.9 3.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

CWE-131 Incorrect Calculation of Buffer Size

The product does not correctly calculate the size to be used when allocating a buffer, which could lead to a buffer overflow.

http://www.openwall.com/lists/oss-security/2026/04/08/12
Third Party Advisory
Mailing List
Release Notes
https://bugzilla.redhat.com/show_bug.cgi?id=2456735
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-39892.json
https://access.redhat.com/errata/RHSA-2026:19375
https://access.redhat.com/errata/RHSA-2026:21017
https://access.redhat.com/errata/RHSA-2026:23361
https://access.redhat.com/errata/RHSA-2026:24977
https://access.redhat.com/errata/RHSA-2026:24853
https://access.redhat.com/errata/RHSA-2026:30088
https://access.redhat.com/errata/RHSA-2026:30089
https://access.redhat.com/errata/RHSA-2026:22465
https://access.redhat.com/errata/RHSA-2026:22840
https://access.redhat.com/errata/RHSA-2026:24761
https://access.redhat.com/errata/RHSA-2026:24762
https://access.redhat.com/errata/RHSA-2026:20338
https://access.redhat.com/errata/RHSA-2026:22629
https://access.redhat.com/errata/RHSA-2026:24483
https://access.redhat.com/errata/RHSA-2026:24866
https://access.redhat.com/errata/RHSA-2026:37275
https://github.com/pyca/cryptography/security/advisories/GHSA-p423-j2cm-9vmq
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:7295
https://access.redhat.com/security/cve/CVE-2026-39892