PT-2026-3301 · Pypi+3 · Pyasn1+3
Tsigouris007 · Published 2026-01-01 · Updated 2026-03-30 · CVE-2026-23490
CVSS v3.1: 7.5 High (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Name of the Vulnerable Software and Affected Versions
pyasn1 versions prior to 0.6.2
Description
pyasn1, a generic ASN.1 library for Python, contains a denial-of-service issue that stems from incorrect handling of malformed RELATIVE-OIDs with excessive continuation octets during decoding. An attacker can exploit this by supplying crafted input that causes the library to consume excessive memory, potentially leading to a denial of service. The vulnerability is triggered by the decode function when it processes maliciously crafted ASN.1 data. The issue can affect systems that use pyasn1, such as LDAP servers, TLS/SSL endpoints, and OCSP responders. A proof-of-concept demonstrates the ability to exhaust memory by sending a payload with numerous continuation octets.
Recommendations
Update pyasn1 to version 0.6.2 or later.
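A front-line check a deployment can place in front of the decoder, as an added example that is not from the advisory or from pyasn1: it walks the BER/DER TLV structure of an incoming message and refuses any RELATIVE-OID whose sub-identifiers use more than an assumed cap of 16 continuation octets, so an oversized encoding is rejected before memory is spent on it.

```python
# Added example, not from the advisory or pyasn1: a pre-decode filter that rejects
# any RELATIVE-OID (tag 13) whose sub-identifiers exceed a cap of continuation octets.
RELATIVE_OID_TAG = 0x0D  # universal class, primitive, tag number 13
MAX_CONTINUATION = 16    # assumed cap; legitimate sub-identifiers need far fewer

def _read_tlv(buf: bytes, pos: int):
    """Parse the BER/DER TLV header at pos -> (tag, constructed, value_start, value_end)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, first = buf[pos], buf[pos + 1]
    if tag & 0x1F == 0x1F:
        raise ValueError("high-tag-number form not handled by this filter")
    pos += 2
    if first & 0x80:  # long form: low 7 bits give the number of length octets
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("indefinite, oversized or truncated length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    else:
        length = first
    if pos + length > len(buf):
        raise ValueError("value overruns buffer")
    return tag, bool(tag & 0x20), pos, pos + length

def check_relative_oid(value: bytes, cap: int = MAX_CONTINUATION) -> int:
    """Return the sub-identifier count; raise if one needs more than cap continuation octets."""
    run = count = 0
    for octet in value:
        if octet & 0x80:  # high bit set: this sub-identifier continues in the next octet
            run += 1
            if run > cap:
                raise ValueError(f"sub-identifier exceeds {cap} continuation octets")
        else:
            run, count = 0, count + 1
    if run:
        raise ValueError("RELATIVE-OID ends mid sub-identifier")
    return count

def scan(buf: bytes, cap: int = MAX_CONTINUATION) -> int:
    """Walk every TLV, recursing into constructed ones; return how many RELATIVE-OIDs passed."""
    pos = seen = 0
    while pos < len(buf):
        tag, constructed, start, end = _read_tlv(buf, pos)
        if tag == RELATIVE_OID_TAG:
            check_relative_oid(buf[start:end], cap)
            seen += 1
        elif constructed:
            seen += scan(buf[start:end], cap)
        pos = end
    return seen
```

The filter only screens untrusted input ahead of the decoder; the upgrade to 0.6.2 or later remains the fix.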
Exploit · Fix · DoS · Resource Exhaustion · Allocation of Resources Without Limits
Related Identifiers
Affected Products
Linuxmint
Rocky Linux
Ubuntu
Pyasn1