PT-2026-31459 · Pypi · Cryptography
Published: 2026-04-08 · Updated: 2026-05-11 · CVE-2026-39892
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
cryptography versions 45.0.0 through 46.0.6
Description
The cryptography package, designed for cryptographic primitives in Python, contains a flaw where non-contiguous buffers passed to APIs accepting Python buffers (e.g., Hash.update()) can lead to buffer overflows. This issue affects Python versions greater than 3.11.
Recommendations
Update to cryptography version 46.0.7 or later.
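To apply the affected range above to a project, the following added example (not part of the original advisory or of the cryptography project) flags exact `cryptography==` pins in requirements lines and reports on the running interpreter. The function names and sample lines are constructed for illustration, and reading "greater than 3.11" as Python 3.12 and later is an assumption.

```python
import re
import sys
from importlib import metadata

# Affected range as stated in the advisory; 46.0.7 carries the fix.
FIRST_AFFECTED, LAST_AFFECTED = (45, 0, 0), (46, 0, 6)
# Matches exact pins only (name==X.Y.Z), with optional extras such as [ssh].
PIN = re.compile(r"^\s*cryptography\s*(?:\[[^\]]*\])?\s*==\s*([0-9][0-9.]*)", re.I)
# Constructed sample requirements lines, not taken from any real project.
SAMPLE = ["requests==2.32.3", "cryptography==46.0.6  # pinned", "Cryptography[ssh]==44.0.1", "cryptography==46.0.7"]

def parse_version(text):
    """Return the first three numeric components; pre/post tags are ignored."""
    nums = [int(n) for n in re.findall(r"\d+", text)[:3]]
    return tuple(nums + [0] * (3 - len(nums)))

def version_affected(text):
    return FIRST_AFFECTED <= parse_version(text) <= LAST_AFFECTED

def python_affected(py=None):
    # Assumption: "greater than 3.11" is read as Python 3.12 and later.
    py = sys.version_info[:2] if py is None else py
    return tuple(py) > (3, 11)

def scan_requirements(lines):
    """Return (line_number, version) for every exact pin inside the affected range."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = PIN.match(line.split("#", 1)[0])  # drop trailing comments
        if match and version_affected(match.group(1)):
            hits.append((number, match.group(1)))
    return hits

def installed_status():
    """Describe the cryptography install visible to this interpreter."""
    try:
        installed = metadata.version("cryptography")
    except metadata.PackageNotFoundError:
        return "cryptography is not installed"
    if version_affected(installed) and python_affected():
        return f"cryptography {installed}: affected, update to 46.0.7 or later"
    return f"cryptography {installed}: outside the affected combination"

if __name__ == "__main__":
    print(installed_status())
    print(scan_requirements(SAMPLE))
```

Range specifiers such as `>=45` and transitive pins in lock files are not resolved by this scan, so the installed-version check should be run in each deployed environment as well.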
Fix
Buffer Overflow
Affected Products
Cryptography