CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

GHSA-8f95-v3jq-cj86: pymonocypher: Potential heap buffer overflow on nb_blocks in argon2i_32 when provided buffer is too small

mediumCVE-2026-53720
Impact The argon2i_32 implementation does not check the nb_blocks size. If the caller does not provide a sufficiently large buffer based on the API contract, then argon2i_32 will write past the end of the buffer and possibly corrupt the heap. Patches Fixed in 4.0.2.8, which now verifies that nb_blocks is large enough. See 90ff5b1. Workarounds Provide a correctly sized nb_blocks buffer. pymonocypher thanks Haris (hextheshadow) for the vulnerability report, details, and recommended fix.

Details

Source
GitHub Security Advisories (INTL · database · site)
Severity
medium
Published
2026-07-09
Last updated
2026-07-09
Exploitation
Not in CISA KEV at last sync

Original advisory: https://github.com/advisories/GHSA-8f95-v3jq-cj86

Referenced CVEs

CVECSIRTS overviewExternal
CVE-2026-53720coverage & exploitation statusNVD · CVE.org

More from GitHub Security Advisories