PT-2026-58287 · Pypi · Pyasn1
CVE-2026-59885
·
Published
2026-07-14
·
Updated
2026-07-14
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
pyasn1 versions prior to 0.6.4
Description
The BER, CER, and DER decoders process OBJECT IDENTIFIER and RELATIVE-OID values in quadratic time relative to the number of arcs. A crafted payload containing an OID with many arcs can cause excessive CPU consumption during the
decode() call, leading to a denial of service for applications processing untrusted ASN.1 data. Similarly, the encoders exhibit the same quadratic behavior when re-encoding previously decoded attacker-supplied values.Recommendations
Update pyasn1 to version 0.6.4.
Exploit
Fix
Resource Exhaustion
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Pyasn1