CVE-2026-39892
CRITICAL (9.8) CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Risk Signal Score: 25/100 (MEDIUM)
- CVSS 9.8: Critical
EPSS score: 1% (exploit probability, 30 days)
CVSS score: 9.8 (technical severity)
Description
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. From 45.0.0 to before 46.0.7, if a non-contiguous buffer was passed to APIs which accepted Python buffers (e.g. Hash.update()), this could lead to buffer overflows. This vulnerability is fixed in 46.0.7.
GitHub Advisories
GHSA-p423-j2cm-9vmq MEDIUM
Cryptography vulnerable to buffer overflow if non-contiguous buffers were passed to APIs
pip/cryptography → 46.0.7
GitHub Advisory
References
- https://github.com/pyca/cryptography/security/advisories/GHSA-p423-j2cm-9vmq
- http://www.openwall.com/lists/oss-security/2026/04/08/12
- https://access.redhat.com/errata/RHSA-2026:19375
- https://access.redhat.com/errata/RHSA-2026:20338
- https://access.redhat.com/errata/RHSA-2026:21017
- https://access.redhat.com/errata/RHSA-2026:22465
- https://access.redhat.com/errata/RHSA-2026:22629
- https://access.redhat.com/errata/RHSA-2026:22840
- https://access.redhat.com/errata/RHSA-2026:23361
- https://access.redhat.com/errata/RHSA-2026:24483