PT-2026-56852 · Pypi · Pymonocypher

Publicado

2026-07-09

·

Atualizado

2026-07-09

·

CVE-2026-53720

CVSS v4.0

5.1

Média

VetorAV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N

Impact

The argon2i 32 implementation does not check the nb blocks size. If the caller does not provide a sufficiently large buffer based on the API contract, then argon2i 32 will write past the end of the buffer and possibly corrupt the heap.

Patches

Fixed in 4.0.2.8, which now verifies that nb blocks is large enough. See 90ff5b1.

Workarounds

Provide a correctly sized nb blocks buffer.
pymonocypher thanks Haris (hextheshadow) for the vulnerability report, details, and recommended fix.

Correção

Heap Based Buffer Overflow

Memory Corruption

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

Enumeração de Fraquezas

Identificadores relacionados

CVE-2026-53720
GHSA-8F95-V3JQ-CJ86

Produtos afetados

Pymonocypher