Buffer overflow in Pyca Cryptography

CVE-2026-39892

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. From 45.0.0 to before 46.0.7, if a non-contiguous buffer was passed to APIs which accepted Python buffers (e.g. Hash.update()), this co…

Vulnerability class: Buffer Overflow

EPSS: 0.000 (6.8th percentile) — read the EPSS interpretation.

Affected products

Pyca Cryptography — versions >= 45.0.0, < 46.0.7

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

https://github.com/pyca/cryptography/security/advisories/GHSA-p423-j2cm-9vmq (x_refsource_CONFIRM)