ГлавнаяУязвимости → CVE-2026-39892
9.8критическая

CVE-2026-39892

Описание

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. From 45.0.0 to before 46.0.7, if a non-contiguous buffer was passed to APIs which accepted Python buffers (e.g. Hash.update()), this could lead to buffer overflows. This vulnerability is fixed in 46.0.7.

Затрагиваемое ПО
Cryptography.io Cryptography
CVSS
Балл9.8 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Источники
https://github.com/pyca/cryptography/security/advisories/GHSA-p423-j2cm-9vmqhttp://www.openwall.com/lists/oss-security/2026/04/08/12https://access.redhat.com/errata/RHSA-2026:19375https://access.redhat.com/errata/RHSA-2026:20338https://access.redhat.com/errata/RHSA-2026:21017https://access.redhat.com/errata/RHSA-2026:22465https://access.redhat.com/errata/RHSA-2026:22629https://access.redhat.com/errata/RHSA-2026:22840