442 matches found
CVE-2026-59884
A flaw was found in pyasn1, a generic ASN.1 library for Python. The Basic Encoding Rules BER decoder, used by CER and DER codecs, processes long-form tags by accumulating continuation octets without an upper bound. A remote attacker can exploit this by providing a specially crafted input, leading...
CVE-2026-59886
A remote attacker can exploit this by providing specially crafted BER/CER/DER-encoded ASN.1 data with a large exponent in the REAL value. When the application subsequently prints, logs, compares, or performs arithmetic on the decoded value, this can cause excessive CPU and memory consumption,...
Linux Distros Unpatched Vulnerability : CVE-2026-59884
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.4, the BER decoder shared by the CER and DER codecs parses long-form tags by accumulating continuatio...
pyasn1: pyasn1: Denial of Service via crafted BER input
A flaw was found in pyasn1, a generic ASN.1 library for Python. The Basic Encoding Rules BER decoder, used by CER and DER codecs, processes long-form tags by accumulating continuation octets without an upper bound. A remote attacker can exploit this by providing a specially crafted input, leading...
Important: Red Hat Security Advisory: Release of containers for RHOSO 18.0.21
Red Hat OpenStack Services on OpenShift RHOSO 18.0.21 containers are now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Linux Distros Unpatched Vulnerability : CVE-2026-59885
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.4, the BER, CER, and DER decoders process OBJECT IDENTIFIER and RELATIVE-OID values in quadratic time...
Linux Distros Unpatched Vulnerability : CVE-2026-59886
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.4, the univ.Real type converted its mantissa, base, and exponent value to a Python float using exact...
DEBIAN-CVE-2026-59886
pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.4, the univ.Real type converted its mantissa, base, and exponent value to a Python float using exact big-integer exponentiation. A BER, CER, or DER encoded REAL value only a few bytes long can carry a very large exponent, causing float...
CVE-2026-59886
pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.4, the univ.Real type converted its mantissa, base, and exponent value to a Python float using exact big-integer exponentiation. A BER, CER, or DER encoded REAL value only a few bytes long can carry a very large exponent, causing float...
DEBIAN-CVE-2026-59884
pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.4, the BER decoder shared by the CER and DER codecs parses long-form tags by accumulating continuation octets without an upper bound on the tag ID size, allowing a crafted input to force construction of an arbitrarily large integer with C...
CVE-2026-59885
pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.4, the BER, CER, and DER decoders process OBJECT IDENTIFIER and RELATIVE-OID values in quadratic time relative to the number of arcs, so a small crafted payload containing an OID with many arcs consumes excessive CPU per decode call and c...
CVE-2026-59884
pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.4, the BER decoder shared by the CER and DER codecs parses long-form tags by accumulating continuation octets without an upper bound on the tag ID size, allowing a crafted input to force construction of an arbitrarily large integer with C...
CVE-2026-59884 pyasn1 BER/CER/DER decoder denial of service via unbounded long-form tag IDs
pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.4, the BER decoder shared by the CER and DER codecs parses long-form tags by accumulating continuation octets without an upper bound on the tag ID size, allowing a crafted input to force construction of an arbitrarily large integer with C...
CVE-2026-59884
pyasn1 prior to 0.6.4 contains a denial-of-service risk in its BER decoder used by CER/DER codecs: long-form tag IDs can be accumulated without an upper bound, enabling a crafted input to drive CPU usage quadratically and trigger unhandled ValueError paths in Python 3.11+ error formatting. Affect...
CVE-2026-59884 pyasn1 BER/CER/DER decoder denial of service via unbounded long-form tag IDs
pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.4, the BER decoder shared by the CER and DER codecs parses long-form tags by accumulating continuation octets without an upper bound on the tag ID size, allowing a crafted input to force construction of an arbitrarily large integer with C...
CVE-2026-59884
pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.4, the BER decoder shared by the CER and DER codecs parses long-form tags by accumulating continuation octets without an upper bound on the tag ID size, allowing a crafted input to force construction of an arbitrarily large integer with C...
CVE-2026-59885
pyasn1 is a Python ASN.1 library. Before 0.6.4, the BER, CER, and DER decoders (and encoders on re-encode) exhibit quadratic-time processing for OBJECT IDENTIFIER and RELATIVE-OID values, allowing denial of service via crafted OIDs with many arcs. This vulnerability affects decoding/re-encoding o...
CVE-2026-59885
pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.4, the BER, CER, and DER decoders process OBJECT IDENTIFIER and RELATIVE-OID values in quadratic time relative to the number of arcs, so a small crafted payload containing an OID with many arcs consumes excessive CPU per decode call and c...
CVE-2026-59886
Summary: pyasn1 before 0.6.4 contains a vulnerability in the univ.Real ASN.1 type where mantissa/base/exponent are converted to a Python float via exact big-integer exponentiation. This can cause excessive CPU/memory usage when decoding untrusted ASN.1 data and subsequently printing, logging, or ...
CVE-2026-59886 pyasn1: Uncontrolled resource consumption when converting decoded REAL values
pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.4, the univ.Real type converted its mantissa, base, and exponent value to a Python float using exact big-integer exponentiation. A BER, CER, or DER encoded REAL value only a few bytes long can carry a very large exponent, causing float...