Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    Related vulnerabilities

    GHSA-8F95-V3JQ-CJ86

    Vulnerability from github – Published: 2026-07-09 13:42 – Updated: 2026-07-09 13:42
    VLAI
    Summary
    pymonocypher: Potential heap buffer overflow on nb_blocks in argon2i_32 when provided buffer is too small
    Details

    Impact

    The argon2i_32 implementation does not check the nb_blocks size. If the caller does not provide a sufficiently large buffer based on the API contract, then argon2i_32 will write past the end of the buffer and possibly corrupt the heap.

    Patches

    Fixed in 4.0.2.8, which now verifies that nb_blocks is large enough. See 90ff5b1.

    Workarounds

    Provide a correctly sized nb_blocks buffer.

    pymonocypher thanks Haris (hextheshadow) for the vulnerability report, details, and recommended fix.

    Show details on source website

    {
      "affected": [
        {
          "package": {
            "ecosystem": "PyPI",
            "name": "pymonocypher"
          },
          "ranges": [
            {
              "events": [
                {
                  "introduced": "0"
                },
                {
                  "fixed": "4.0.2.8"
                }
              ],
              "type": "ECOSYSTEM"
            }
          ]
        }
      ],
      "aliases": [
        "CVE-2026-53720"
      ],
      "database_specific": {
        "cwe_ids": [
          "CWE-122",
          "CWE-1284",
          "CWE-787"
        ],
        "github_reviewed": true,
        "github_reviewed_at": "2026-07-09T13:42:46Z",
        "nvd_published_at": null,
        "severity": "MODERATE"
      },
      "details": "### Impact\nThe argon2i_32 implementation does not check the nb_blocks size.  If the caller does not provide a sufficiently large buffer based on the API contract, then argon2i_32 will write past the end of the buffer and possibly corrupt the heap.\n\n### Patches\nFixed in 4.0.2.8, which now verifies that nb_blocks is large enough.  See [90ff5b1](https://github.com/jetperch/pymonocypher/commit/90ff5b13b13b5673c372e188f482d8c172e6ab86).\n\n### Workarounds\nProvide a correctly sized nb_blocks buffer.\n\npymonocypher thanks Haris (hextheshadow) for the vulnerability report, details, and recommended fix.",
      "id": "GHSA-8f95-v3jq-cj86",
      "modified": "2026-07-09T13:42:46Z",
      "published": "2026-07-09T13:42:46Z",
      "references": [
        {
          "type": "WEB",
          "url": "https://github.com/jetperch/pymonocypher/security/advisories/GHSA-8f95-v3jq-cj86"
        },
        {
          "type": "WEB",
          "url": "https://github.com/jetperch/pymonocypher/commit/90ff5b13b13b5673c372e188f482d8c172e6ab86"
        },
        {
          "type": "PACKAGE",
          "url": "https://github.com/jetperch/pymonocypher"
        }
      ],
      "schema_version": "1.4.0",
      "severity": [
        {
          "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N",
          "type": "CVSS_V4"
        }
      ],
      "summary": "pymonocypher: Potential heap buffer overflow on nb_blocks in argon2i_32 when provided buffer is too small"
    }

    PYSEC-2026-3000

    Vulnerability from pysec - Published: 2026-07-13 15:46 - Updated: 2026-07-13 16:05
    VLAI
    Details

    Impact

    The argon2i_32 implementation does not check the nb_blocks size. If the caller does not provide a sufficiently large buffer based on the API contract, then argon2i_32 will write past the end of the buffer and possibly corrupt the heap.

    Patches

    Fixed in 4.0.2.8, which now verifies that nb_blocks is large enough. See 90ff5b1.

    Workarounds

    Provide a correctly sized nb_blocks buffer.

    pymonocypher thanks Haris (hextheshadow) for the vulnerability report, details, and recommended fix.

    Impacted products
    Name purl
    pymonocypher pkg:pypi/pymonocypher

    {
      "affected": [
        {
          "package": {
            "ecosystem": "PyPI",
            "name": "pymonocypher",
            "purl": "pkg:pypi/pymonocypher"
          },
          "ranges": [
            {
              "events": [
                {
                  "introduced": "0"
                },
                {
                  "fixed": "4.0.2.8"
                }
              ],
              "type": "ECOSYSTEM"
            }
          ],
          "versions": [
            "0.1.1",
            "0.1.2",
            "0.1.3",
            "0.1.4",
            "3.1.0.0",
            "3.1.3.0",
            "3.1.3.1",
            "3.1.3.2",
            "3.1.3.3",
            "3.1.3.4",
            "3.1.3.5",
            "3.1.3.6",
            "4.0.2.1",
            "4.0.2.2",
            "4.0.2.3",
            "4.0.2.4",
            "4.0.2.5",
            "4.0.2.6",
            "4.0.2.7"
          ]
        }
      ],
      "aliases": [
        "CVE-2026-53720",
        "GHSA-8f95-v3jq-cj86"
      ],
      "details": "### Impact\nThe argon2i_32 implementation does not check the nb_blocks size.  If the caller does not provide a sufficiently large buffer based on the API contract, then argon2i_32 will write past the end of the buffer and possibly corrupt the heap.\n\n### Patches\nFixed in 4.0.2.8, which now verifies that nb_blocks is large enough.  See [90ff5b1](https://github.com/jetperch/pymonocypher/commit/90ff5b13b13b5673c372e188f482d8c172e6ab86).\n\n### Workarounds\nProvide a correctly sized nb_blocks buffer.\n\npymonocypher thanks Haris (hextheshadow) for the vulnerability report, details, and recommended fix.",
      "id": "PYSEC-2026-3000",
      "modified": "2026-07-13T16:05:55.334297Z",
      "published": "2026-07-13T15:46:30.235469Z",
      "references": [
        {
          "type": "WEB",
          "url": "https://github.com/jetperch/pymonocypher/security/advisories/GHSA-8f95-v3jq-cj86"
        },
        {
          "type": "WEB",
          "url": "https://github.com/jetperch/pymonocypher/commit/90ff5b13b13b5673c372e188f482d8c172e6ab86"
        },
        {
          "type": "PACKAGE",
          "url": "https://github.com/jetperch/pymonocypher"
        },
        {
          "type": "PACKAGE",
          "url": "https://pypi.org/project/pymonocypher"
        },
        {
          "type": "ADVISORY",
          "url": "https://github.com/advisories/GHSA-8f95-v3jq-cj86"
        },
        {
          "type": "ADVISORY",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-53720"
        }
      ],
      "severity": [
        {
          "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N",
          "type": "CVSS_V4"
        }
      ],
      "summary": "pymonocypher: Potential heap buffer overflow on nb_blocks in argon2i_32 when provided buffer is too small"
    }