pyasn1 is vulnerable to Denial of Service (DoS)
75
High Risk
The univ.Real type converts its mantissa, base, and exponent to a Python float using exact big-integer exponentiation. A BER/CER/DER-encoded REAL value only a few bytes long can carry a very large exponent, causing this computation to materialize an astronomically large integer. Any operation that triggers float conversion on such a decoded value, including prettyPrint(), str(), comparison, arithmetic, or float(), consumes excessive CPU and memory and hangs the process. The fix uses math.ldexp() for binary values and raises OverflowError for out-of-range decimal exponents without building huge intermediates.
You are affected if you are using a version that falls within the vulnerable range and your application converts, prints, compares, or does arithmetic on decoded ASN.1 REAL values from untrusted sources.
pyasn1 is vulnerable to Denial of Service (DoS) in versions 0.0.13 - 0.6.3.
Upgrade the pyasn1 library to the patch version.
Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.
Free. No credit card required.

SOC 2Compliant
ISO 27001Compliant