Intel

AIKIDO-2026-27979

pyasn1 is vulnerable to Denial of Service (DoS)

Denial of Service (DoS)CVE-2026-59884 Published 3 days ago

75

High Risk

This Affects:

PYTHONpyasn1
0.0.13 - 0.6.3
Fixed in 0.6.4
Are you affected? Scan for Free

TL;DR

The BER decoder shared by the CER and DER codecs parses long-form tags by accumulating continuation octets in a loop with no upper bound on the tag ID size. A crafted substrate can force the decoder to build an arbitrarily large integer, with CPU and memory cost growing quadratically in input size. On Python 3.11+ the oversized tag ID can also raise an unhandled ValueError from the integer-to-string conversion limit while formatting error messages, breaking the PyAsn1Error contract. The fix limits long-form tag IDs to 20 octets, rejects longer ones with PyAsn1Error, and hardens tag repr rendering.

Who does this affect?

You are affected if you are using a version that falls within the vulnerable range and your application decodes untrusted BER/CER/DER ASN.1 input.

Background info

pyasn1 is vulnerable to Denial of Service (DoS) in versions 0.0.13 - 0.6.3.

How to fix this

Upgrade the pyasn1 library to the patch version.