PT-2026-58286 · Pypi · Pyasn1

Published

2026-07-14

·

Updated

2026-07-14

·

CVE-2026-59884

CVSS v3.1

7.5

High

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions pyasn1 versions prior to 0.6.4
Description The BER decoder used by CER and DER codecs parses long-form tags by accumulating continuation octets without an upper bound on the tag ID size. A crafted input can force the construction of an arbitrarily large integer, resulting in CPU cost that grows quadratically and triggering unhandled ValueError exceptions in Python 3.11+ error formatting paths. This affects any application decoding untrusted BER, CER, or DER input.
Recommendations Update to version 0.6.4.

Exploit

Fix

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-59884
GHSA-M4P7-R5RC-7G4J

Affected Products

Pyasn1