29 matches found

RedHat Linux
added 2026/05/19 4:22 p.m. · 9 views

pyasn1: pyasn1 Vulnerable to Denial of Service via Unbounded Recursion

An unbounded recursion flaw has been discovered in the pypi pyasn1 library. This uncontrolled recursion occurs when decoding ASN.1 data with deeply nested structures. An attacker can supply a crafted payload containing nested SEQUENCE (0x30) or SET (0x31) tags with Indefinite Length (0x80) markers. Thi...

CVSS 7.5 · AI score 6.6 · EPSS 0.00027
Exploits: 1 · References: 6

Github Security Blog
added 2026/05/08 6:24 p.m. · 11 views

phpseclib guardrails needed on OID length

Impact: Any application that loads untrusted ASN1 files, e.g. X509 certificates, RSA PKCS8 private or public keys, etc. Patches: https://github.com/phpseclib/phpseclib/commit/e32531001b4d62c66c3d824ccef54ffad835eb59 Workarounds: No. Resources...

CVSS 7.5 · AI score 7.1 · EPSS 0.00456
Exploits: 0 · References: 9 · Affected Software: 1

RedhatCVE
added 2026/05/04 8:21 p.m. · 2 views

CVE-2026-7668

A vulnerability was identified in MikroTik RouterOS 6.49.8. This vulnerability affects the function ASN1STRINGdata in the library nova/lib/www/scep.p of the component SCEP Endpoint. The manipulation of the argument transactionID/messageType leads to out-of-bounds read. The attack may be initiated...

CVSS 7.5 · AI score 6.9 · EPSS 0.00056
Exploits: 0 · References: 1

Tenable Nessus
added 2026/04/01 12:0 a.m. · 2 views

Amazon Linux 2 : python-pyasn1, --advisory ALAS2-2026-3215 (ALAS-2026-3215)

It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3215 advisory. pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.3, the pyasn1 library is vulnerable to a Denial of Service (DoS) attack caused by uncontrolled recursion when decoding ASN.1 data with deeply neste...

CVSS 7.5 · AI score 6.9 · EPSS 0.00032
Exploits: 1 · References: 4

Snyk
added 2026/03/26 10:2 p.m. · 2 views

Improper Verification of Cryptographic Signature

Overview: node-forge is a JavaScript implementation of network transports, cryptography, ciphers, PKI, message digests, and various utilities. Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in ASN.1 structures during RSA signature verification...

CVSS 8.7 · AI score 5.9 · EPSS 0.00038
Exploits: 0 · References: 3

Snyk
added 2026/03/26 10:2 p.m. · 4 views

Improper Verification of Cryptographic Signature

Overview org.webjars.npm:node-forge is a WebJar for node-forge. Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in ASN.1 structures during RSA signature verification. An attacker can bypass signature verification and inject forged signatures by...

CVSS 8.7 · AI score 5.9 · EPSS 0.00038
Exploits: 0 · References: 3

Tenable Nessus
added 2026/01/16 12:0 a.m. · 2 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000699)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000699 advisory. The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel before 4.3 allows attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks ...

CVSS 4.7 · AI score 6.3 · EPSS 0.00065
Exploits: 0 · References: 31

Tenable Nessus
added 2026/01/16 12:0 a.m. · 2 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000632)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000632 advisory. Integer overflow in lib/asn1_decoder.c in the Linux kernel before 4.6 allows local users to gain privileges via crafted ASN.1 data. Tenable has extracted the precedin...

CVSS 7.8 · AI score 6.6 · EPSS 0.0015
Exploits: 0 · References: 36

Snyk
added 2025/11/26 10:44 p.m. · 1 views

Uncontrolled Recursion

Overview org.webjars.npm:node-forge is a WebJar for node-forge. Affected versions of this package are vulnerable to Uncontrolled Recursion via the fromDer function in asn1.js, which lacks recursion depth. An attacker can cause stack exhaustion and disrupt service availability by submitting...

CVSS 8.7 · AI score 6.7 · EPSS 0.00056
Exploits: 0 · References: 2

Tenable Nessus
added 2025/08/15 12:0 a.m. · 1 views

Linux Distros Unpatched Vulnerability : CVE-2025-48965

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mbed TLS before 3.6.4 has a NULL pointer dereference because mbedtls_asn1_store_named_data can trigger conflicting data with val.p of NULL but val.len greater than...

CVSS 7.5 · AI score 5.9 · EPSS 0.00196
Exploits: 0 · References: 3

RedHat Linux
added 2024/05/30 8:24 p.m. · 1 views

bc-java: Out of memory while parsing ASN.1 crafted data in org.bouncycastle.openssl.PEMParser class

A flaw was found in Bouncy Castle for the Java pkix module, which is vulnerable to a potential Denial of Service (DoS) issue within the org.bouncycastle.openssl.PEMParser class. This class parses OpenSSL PEM encoded streams containing X.509 certificates, PKCS8 encoded keys, and PKCS7 objects. Parsi...

CVSS 5.5 · AI score 6.8 · EPSS 0.00144
Exploits: 1 · References: 5

Microsoft CVE
added 2023/06/06 7:0 a.m. · 2 views

A vulnerability was found in OpenSC. This security flaw causes a buffer overrun vulnerability in pkcs15 cardos_have_verifyrc_package. The attacker can supply a smart card package with malformed ASN1 context. The cardos_have_verifyrc_package function scans the ASN1 buffer for 2 tags, where the remaining length is wrongly calculated due to a moved starting pointer. This leads to a possible heap-based buffer oob read. In cases where ASAN is enabled while compiling, this causes a crash. Further info leak or more damage is possible.

...

CVSS 7.1 · AI score 6.7 · EPSS 0.00027
Exploits: 0

SUSE CVE
added 2023/02/15 5:9 a.m. · 2 views

SUSE CVE-2016-0758

Integer overflow in lib/asn1_decoder.c in the Linux kernel before 4.6 allows local users to gain privileges via crafted ASN.1 data...

CVSS 7.8 · AI score 7.2 · EPSS 0.0015
Exploits: 0 · References: 30

OSV
added 2023/02/07 5:20 p.m. · 0 views

USN-5844-1 openssl vulnerabilities

David Benjamin discovered that OpenSSL incorrectly handled X.400 address processing. A remote attacker could possibly use this issue to read arbitrary memory contents or cause OpenSSL to crash, resulting in a denial of service. CVE-2023-0286 Corey Bonnell discovered that OpenSSL incorrectly handl...

CVSS 7.5 · AI score 7.1 · EPSS 0.88334
Exploits: 0 · References: 9

CNVD
added 2017/09/18 12:0 a.m. · 1 views

Ruby OpenSSL::ASN1 Module Buffer Overflow Vulnerability

Ruby is a cross-platform, object-oriented, dynamically typed programming language developed by Japanese software developer Yukihiro Matsumoto. The OpenSSL::ASN1 module is one of the ASN1 data decoding modules. A security vulnerability exists in the decryption method of the OpenSSL::ASN1 module in Ruby...

CVSS 7.5 · AI score 6.7 · EPSS 0.0818
Exploits: 0 · References: 1

OSV
added 2016/07/19 10:59 p.m. · 1 views

CVE-2016-5080

Integer overflow in the rtxMemHeapAlloc function in asn1rt_a.lib in Objective Systems ASN1C for C/C++ before 7.0.2 allows context-dependent attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow), on a system running an application compiled by ASN1C, via crafted...

CVSS 9.8 · AI score 7.8 · EPSS 0.0976
Exploits: 0 · References: 11

OSV
added 2016/05/12 12:0 a.m. · 0 views

UBUNTU-CVE-2016-0758

Integer overflow in lib/asn1_decoder.c in the Linux kernel before 4.6 allows local users to gain privileges via crafted ASN.1 data...

CVSS 7.8 · AI score 6.8 · EPSS 0.0015
Exploits: 0 · References: 15

Positive Technologies
added 2016/03/17 12:0 a.m. · 3 views

PT-2016-4405 · Linux +5 · Linux Kernel +5

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 4.6. Description: The issue allows local users to gain privileges via crafted ASN.1 data due to an integer overflow in lib/asn1_decoder.c. Recommendations: For Linux kernel versions prior to 4.6, update to versio...

CVSS 10 · AI score 7.9 · EPSS 0.51991
Exploits: 91 · References: 619

OSV
added 2016/03/03 8:59 p.m. · 7 views

CVE-2016-2842

The doapr_outch function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not verify that a certain memory allocation succeeds, which allows remote attackers to cause a denial of service (out-of-bounds write or memory consumption) or possibly have unspecified other...

CVSS 9.8 · AI score 7.8
Exploits: 0 · References: 27

OSV
added 2016/03/03 8:59 p.m. · 1 views

DEBIAN-CVE-2016-2842

The doapr_outch function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not verify that a certain memory allocation succeeds, which allows remote attackers to cause a denial of service (out-of-bounds write or memory consumption) or possibly have unspecified other...

CVSS 9.8 · AI score 7.8 · EPSS 0.54295
Exploits: 0 · References: 1