pyasn1 is vulnerable to Denial of Service (DoS)
75
High Risk
The BER/CER/DER decoders process OBJECT IDENTIFIER and RELATIVE-OID values in quadratic time relative to the number of arcs. A small crafted payload of tens of kilobytes containing an OID with many arcs consumes seconds of CPU per decode() call, enabling denial of service in any application that decodes untrusted ASN.1 data such as certificates, LDAP, SNMP, or Kerberos. The matching encoders share the same quadratic behavior when re-encoding decoded attacker-supplied values. The fix accumulates arcs in linear time in both the decoders and encoders while leaving decoded values unchanged.
You are affected if you are using a version that falls within the vulnerable range and your application decodes or re-encodes untrusted ASN.1 data.
pyasn1 is vulnerable to Denial of Service (DoS) in versions 0.0.13 - 0.6.3.
Upgrade the pyasn1 library to the patch version.
Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.
Free. No credit card required.

SOC 2Compliant
ISO 27001Compliant