VDB
CVE-2026-39892
CVE-2026-39892
PUBLISHED
CVSS 6.900000095367432 MEDIUM
Cryptography vulnerable to buffer overflow if non-contiguous buffers were passed to APIs
EPSS 0.02% · 6.9th percentile
Risk Scores
CVSS 4.0
6.900000095367432
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
EPSS Score
0.02%
6.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| PyPI | cryptography | 45.0.0 |
| pyca | cryptography | >= 45.0.0, < 46.0.7 |
Exploit Intelligence
- http://www.openwall.com/lists/oss-security/2026/04/08/12 (circl)
- https://github.com/pyca/cryptography/security/advisories/GHSA-p423-j2cm-9vmq (circl)
- tmp_audit.json (github-poc)
- tmp_audit.json (github-poc)
- tmp_audit.json (github-poc)
- tmp_audit.json (github-poc)
- tmp_audit.json (github-poc)
- tmp_audit.json (github-poc)
- tmp_audit.json (github-poc)
- tmp_audit.json (github-poc)
…and 56 more exploits
Timeline
- Apr 8, 2026 CVE Published
- Apr 9, 2026 Security Advisory
- Apr 11, 2026 EPSS Score
- Apr 15, 2026 CVE Updated
- May 18, 2026 EPSS Score
- May 19, 2026 EPSS Score
- May 20, 2026 EPSS Score
- May 21, 2026 EPSS Score
- May 22, 2026 EPSS Score
- May 23, 2026 EPSS Score
- May 24, 2026 EPSS Score
- May 25, 2026 EPSS Score
References
- https://github.com/pyca/cryptography package
- https://github.com/pyca/cryptography/security/advisories/GHSA-p423-j2cm-9vmq url
- http://www.openwall.com/lists/oss-security/2026/04/08/12 url
- https://www.ibm.com/support/pages/node/7271707 advisory
- https://www.ibm.com/support/pages/node/7271922 advisory
- https://www.ibm.com/support/pages/node/7271681 advisory
- https://www.ibm.com/support/pages/node/7271765 advisory
- https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37451 advisory
- https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37445 advisory
- https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37460 advisory
- https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37449 advisory
- https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37450 advisory
- https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37466 advisory
- https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37468 advisory
- https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37444 advisory
- https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37461 advisory
- https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37459 advisory
- https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37446 advisory
- https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37465 advisory
- https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37448 advisory
…and 21 more