CVE-2026-39892

ADVISORY - github

Summary

If a non-contiguous buffer was passed to APIs which accepted Python buffers (e.g. Hash.update()), this could lead to buffer overflows. For example:

h = Hash(SHA256())
h.update(buf[::-1])

would read past the end of the buffer on Python >3.11.
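A caller-side guard for the condition described above, as an added example (not code from the advisory or the affected project): it detects non-contiguous buffers with memoryview.contiguous and either rejects them or copies them into contiguous bytes before they reach a buffer-consuming API. hashlib from the standard library stands in for the affected Hash API, the helper names are hypothetical, and buf is assumed to be a memoryview-like object.

```python
import hashlib


def describe_buffer(obj):
    """Return (contiguous, nbytes, strides) for any buffer-protocol object."""
    with memoryview(obj) as mv:
        return mv.contiguous, mv.nbytes, mv.strides


def to_contiguous(obj, strict=False):
    """Normalise a buffer before it reaches native code.

    Contiguous buffers pass through without a copy. Non-contiguous ones are
    rejected (strict=True) or copied element by element into new bytes.
    """
    mv = memoryview(obj)
    if mv.contiguous:
        return mv
    if strict:
        raise BufferError(f"non-contiguous buffer, strides={mv.strides}")
    return mv.tobytes()  # logical order, always contiguous


def safe_sha256(obj, strict=False):
    """Hash a buffer's logical contents; hashlib stands in for Hash.update()."""
    h = hashlib.sha256()
    h.update(to_contiguous(obj, strict))
    return h.hexdigest()


# Constructed sample input. Slicing bytes directly (DATA[::-1]) makes a new
# contiguous copy; only views such as memoryview keep the stride.
DATA = bytes(range(16))
REVERSED_VIEW = memoryview(DATA)[::-1]  # stride -1, assumed form of buf[::-1]
STRIDED_VIEW = memoryview(DATA)[::2]    # stride 2, every other byte

if __name__ == "__main__":
    samples = [("plain", DATA), ("reversed", REVERSED_VIEW),
               ("strided", STRIDED_VIEW)]
    for name, buf in samples:
        print(name, describe_buffer(buf), safe_sha256(buf))
```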

Common Weakness Enumeration (CWE)

ADVISORY - nist

Improper Restriction of Operations within the Bounds of a Memory Buffer

ADVISORY - github

Improper Restriction of Operations within the Bounds of a Memory Buffer


NIST

EXPLOITABILITY SCORE: -
EXPLOITS FOUND: -
CVSS SCORE: 6.9 medium

GitHub

EXPLOITABILITY SCORE: -
EXPLOITS FOUND: -
CVSS SCORE: 6.9 medium