PT-2026-56852 · Pypi · Pymonocypher

Published

2026-07-09

·

Updated

2026-07-09

·

CVE-2026-53720

CVSS v4.0

5.1

Medium

VectorAV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N

Impact

The argon2i 32 implementation does not check the nb blocks size. If the caller does not provide a sufficiently large buffer based on the API contract, then argon2i 32 will write past the end of the buffer and possibly corrupt the heap.

Patches

Fixed in 4.0.2.8, which now verifies that nb blocks is large enough. See 90ff5b1.

Workarounds

Provide a correctly sized nb blocks buffer.
pymonocypher thanks Haris (hextheshadow) for the vulnerability report, details, and recommended fix.

Fix

Heap Based Buffer Overflow

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-53720
GHSA-8F95-V3JQ-CJ86

Affected Products

Pymonocypher