PT-2026-56852 · Pypi · Pymonocypher
Published
2026-07-09
·
Updated
2026-07-09
·
CVE-2026-53720
CVSS v4.0
5.1
Medium
| Vector | AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N |
Impact
The argon2i 32 implementation does not check the nb blocks size. If the caller does not provide a sufficiently large buffer based on the API contract, then argon2i 32 will write past the end of the buffer and possibly corrupt the heap.
Patches
Fixed in 4.0.2.8, which now verifies that nb blocks is large enough. See 90ff5b1.
Workarounds
Provide a correctly sized nb blocks buffer.
pymonocypher thanks Haris (hextheshadow) for the vulnerability report, details, and recommended fix.
Fix
Heap Based Buffer Overflow
Memory Corruption
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Pymonocypher