PT-2026-56852 · Pypi · Pymonocypher
Publicado
2026-07-09
·
Atualizado
2026-07-09
·
CVE-2026-53720
CVSS v4.0
5.1
Média
| Vetor | AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N |
Impact
The argon2i 32 implementation does not check the nb blocks size. If the caller does not provide a sufficiently large buffer based on the API contract, then argon2i 32 will write past the end of the buffer and possibly corrupt the heap.
Patches
Fixed in 4.0.2.8, which now verifies that nb blocks is large enough. See 90ff5b1.
Workarounds
Provide a correctly sized nb blocks buffer.
pymonocypher thanks Haris (hextheshadow) for the vulnerability report, details, and recommended fix.
Correção
Heap Based Buffer Overflow
Memory Corruption
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Pymonocypher