VDB

ALPINE-CVE-2026-39892

ALPINE-CVE-2026-39892 PUBLISHED CVSS 9.800000190734863 CRITICAL

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. From 45.0.0 to before 46.0.7, if a non-contiguous buffer was passed to APIs which accepted Python buffers (e.g. Hash.update()), this could lead to buffer overflows. This vulnerability is fixed in 46.0.7.

Risk Scores

CVSS 3.1
9.800000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersions
Alpine:v3.23py3-cryptography0, 0.6.1-r0, 0.8.2-r0

Timeline

  • Apr 8, 2026 CVE Published
  • Apr 24, 2026 CVE Updated
  • Apr 30, 2026 Distribution Patch
Open in Interactive Console →
$ Console Community · 100/wk Open console ›