7.5

CVE-2026-23490

pyasn1 has a DoS vulnerability in decoder

pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.2, a Denial-of-Service issue has been found that leads to memory exhaustion from malformed RELATIVE-OID with excessive continuation octets. This vulnerability is fixed in 0.6.2.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Pyasn1Pyasn1 SwPlatformpython Version < 0.6.2
DebianDebian Linux Version11.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.68% 0.477
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
security-advisories@github.com 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0b0ca135-0b70-47e7-9f44-1890c2a1c46c 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-770 Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.

https://github.com/pyasn1/pyasn1/commit/3908f144229eed4df24bd569d16e5991ace44970
Patch
https://github.com/pyasn1/pyasn1/releases/tag/v0.6.2
Product
Release Notes
https://github.com/pyasn1/pyasn1/security/advisories/GHSA-63vm-454h-vhhq
Vendor Advisory
https://lists.debian.org/debian-lts-announce/2026/02/msg00002.html
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:4943
https://access.redhat.com/errata/RHSA-2026:5606
https://access.redhat.com/errata/RHSA-2026:13508
https://access.redhat.com/errata/RHSA-2026:13545
https://access.redhat.com/errata/RHSA-2026:13512
https://access.redhat.com/errata/RHSA-2026:19712
https://access.redhat.com/errata/RHSA-2026:24866
https://access.redhat.com/errata/RHSA-2026:30088
https://access.redhat.com/errata/RHSA-2026:3958
https://access.redhat.com/errata/RHSA-2026:3959
https://access.redhat.com/errata/RHSA-2026:13553
https://access.redhat.com/errata/RHSA-2026:14020
https://access.redhat.com/errata/RHSA-2026:17446
https://access.redhat.com/errata/RHSA-2026:17595
https://access.redhat.com/errata/RHSA-2026:17611
https://access.redhat.com/errata/RHSA-2026:1903
https://access.redhat.com/errata/RHSA-2026:1904
https://access.redhat.com/errata/RHSA-2026:1905
https://access.redhat.com/errata/RHSA-2026:1906
https://access.redhat.com/errata/RHSA-2026:2221
https://access.redhat.com/errata/RHSA-2026:2299
https://access.redhat.com/errata/RHSA-2026:2300
https://access.redhat.com/errata/RHSA-2026:2302
https://access.redhat.com/errata/RHSA-2026:2303
https://access.redhat.com/errata/RHSA-2026:2309
https://access.redhat.com/errata/RHSA-2026:24476
https://access.redhat.com/errata/RHSA-2026:24483
https://access.redhat.com/errata/RHSA-2026:2453
https://access.redhat.com/errata/RHSA-2026:2460
https://access.redhat.com/errata/RHSA-2026:2483
https://access.redhat.com/errata/RHSA-2026:2486
https://access.redhat.com/errata/RHSA-2026:24977
https://access.redhat.com/errata/RHSA-2026:2712
https://access.redhat.com/errata/RHSA-2026:2758
https://access.redhat.com/errata/RHSA-2026:28042
https://access.redhat.com/errata/RHSA-2026:3354
https://access.redhat.com/errata/RHSA-2026:3359
https://access.redhat.com/errata/RHSA-2026:4138
https://access.redhat.com/errata/RHSA-2026:4139
https://access.redhat.com/errata/RHSA-2026:4140
https://access.redhat.com/errata/RHSA-2026:4141
https://access.redhat.com/errata/RHSA-2026:4142
https://access.redhat.com/errata/RHSA-2026:4143
https://access.redhat.com/errata/RHSA-2026:4144
https://access.redhat.com/errata/RHSA-2026:4145
https://access.redhat.com/errata/RHSA-2026:4146
https://access.redhat.com/errata/RHSA-2026:4147
https://access.redhat.com/errata/RHSA-2026:4148
https://access.redhat.com/security/cve/CVE-2026-23490
https://bugzilla.redhat.com/show_bug.cgi?id=2430472
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-23490.json