PT-2026-58287 · Pypi · Pyasn1

CVE-2026-59885

·

Published

2026-07-14

·

Updated

2026-07-14

CVSS v3.1

7.5

High

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions pyasn1 versions prior to 0.6.4
Description The BER, CER, and DER decoders process OBJECT IDENTIFIER and RELATIVE-OID values in quadratic time relative to the number of arcs. A crafted payload containing an OID with many arcs can cause excessive CPU consumption during the decode() call, leading to a denial of service for applications processing untrusted ASN.1 data. Similarly, the encoders exhibit the same quadratic behavior when re-encoding previously decoded attacker-supplied values.
Recommendations Update pyasn1 to version 0.6.4.

Exploit

Fix

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-59885
GHSA-8PPF-4F7H-5PPJ

Affected Products

Pyasn1