PT-2026-31459 · Pypi · Cryptography
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
cryptography versions 45.0.0 through 46.0.6
Description
The cryptography package, designed for cryptographic primitives in Python, contains a flaw where non-contiguous buffers passed to APIs accepting Python buffers (e.g.,
Hash.update()) can lead to buffer overflows. This issue affects Python versions greater than 3.11.Recommendations
Update to cryptography version 46.0.7 or later.
Exploit
Fix
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Cryptography