diff --git a/src/debugpy/_vendored/pydevd/_pydevd_bundle/pydevd_cython.c b/src/debugpy/_vendored/pydevd/_pydevd_bundle/pydevd_cython.c
index 86190bee..3ab46f47 100644
--- a/src/debugpy/_vendored/pydevd/_pydevd_bundle/pydevd_cython.c
+++ b/src/debugpy/_vendored/pydevd/_pydevd_bundle/pydevd_cython.c
@@ -45633,7 +45633,7 @@ static CYTHON_INLINE PyObject* __Pyx____Pyx_PyUnicode_From_int(int value, Py_ssi
 digit_pos = abs((int)(remaining % (8*8)));
 remaining = (int) (remaining / (8*8));
 dpos -= 2;
- memcpy(dpos, DIGIT_PAIRS_8 + digit_pos * 2, 2);
+ memcpy(dpos, DIGIT_PAIRS_8 + digit_pos * 2, 2); /* Flawfinder: ignore */
 last_one_off = (digit_pos < 8);
 break;
 case 'd':
diff --git a/src/debugpy/_vendored/pydevd/setup_pydevd_cython.py b/src/debugpy/_vendored/pydevd/setup_pydevd_cython.py
index 8ec4c12a..fdaf87ec 100644
--- a/src/debugpy/_vendored/pydevd/setup_pydevd_cython.py
+++ b/src/debugpy/_vendored/pydevd/setup_pydevd_cython.py
@@ -177,6 +177,16 @@ def build_extension(dir_name, extension_name, target_pydevd_name, force_cython,
 c_file_contents = c_file_contents.replace(r"_pydevd_bundle\\pydevd_cython.pxd", "_pydevd_bundle/pydevd_cython.pxd")
 c_file_contents = c_file_contents.replace(r"_pydevd_bundle\\pydevd_cython.pyx", "_pydevd_bundle/pydevd_cython.pyx")
+ # Suppress Flawfinder false positive (CWE-120) in the Cython 3.x
+ # CIntToPyUnicode boilerplate (`__Pyx____Pyx_PyUnicode_From_int`): the destination
+ # `dpos` is a stack buffer of size `sizeof(int)*3+2`, and `dpos -= 2` immediately
+ # precedes a 2-byte memcpy from the 128-byte constant table `DIGIT_PAIRS_8`
+ # indexed by `digit_pos * 2` where `digit_pos = abs(remaining % 64)`.
+ c_file_contents = c_file_contents.replace(
+ " memcpy(dpos, DIGIT_PAIRS_8 + digit_pos * 2, 2);\n",
+ " memcpy(dpos, DIGIT_PAIRS_8 + digit_pos * 2, 2); /* Flawfinder: ignore */\n",
+ )
+
 # Suppress Flawfinder false positive (CWE-120/CWE-20) in the
 # Cython 3.x ModuleStateLookup boilerplate (`__Pyx_State_ConvertFromInterpIdAsIndex`):
 # `read` is a bounded pointer iterator (not POSIX read()), and the loop is