pyasn1 is vulnerable to Denial of Service (DoS)
75
High Risk
The BER decoder shared by the CER and DER codecs parses long-form tags by accumulating continuation octets in a loop with no upper bound on the tag ID size. A crafted substrate can force the decoder to build an arbitrarily large integer, with CPU and memory cost growing quadratically in input size. On Python 3.11+ the oversized tag ID can also raise an unhandled ValueError from the integer-to-string conversion limit while formatting error messages, breaking the PyAsn1Error contract. The fix limits long-form tag IDs to 20 octets, rejects longer ones with PyAsn1Error, and hardens tag repr rendering.
You are affected if you are using a version that falls within the vulnerable range and your application decodes untrusted BER/CER/DER ASN.1 input.
pyasn1 is vulnerable to Denial of Service (DoS) in versions 0.0.13 - 0.6.3.
Upgrade the pyasn1 library to the patch version.
Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.
Free. No credit card required.

SOC 2Compliant
ISO 27001Compliant