Intel

AIKIDO-2026-746993

pyasn1 is vulnerable to Denial of Service (DoS)

Denial of Service (DoS)CVE-2026-59885 Published 3 days ago

75

High Risk

This Affects:

PYTHONpyasn1
0.0.13 - 0.6.3
Fixed in 0.6.4
Are you affected? Scan for Free

TL;DR

The BER/CER/DER decoders process OBJECT IDENTIFIER and RELATIVE-OID values in quadratic time relative to the number of arcs. A small crafted payload of tens of kilobytes containing an OID with many arcs consumes seconds of CPU per decode() call, enabling denial of service in any application that decodes untrusted ASN.1 data such as certificates, LDAP, SNMP, or Kerberos. The matching encoders share the same quadratic behavior when re-encoding decoded attacker-supplied values. The fix accumulates arcs in linear time in both the decoders and encoders while leaving decoded values unchanged.

Who does this affect?

You are affected if you are using a version that falls within the vulnerable range and your application decodes or re-encodes untrusted ASN.1 data.

Background info

pyasn1 is vulnerable to Denial of Service (DoS) in versions 0.0.13 - 0.6.3.

How to fix this

Upgrade the pyasn1 library to the patch version.