


Perceptive Security
SOC/SIEM Consultancy

pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.3, the `pyasn1` library is vulnerable to a Denial of Service (DoS) attack caused by uncontrolled recu…
Published: 17 March 2026 at 23:00:00
Alert date: 18 March 2026 at 05:03:10
Source: nvd.nist.gov
Supply Chain & Dependencies
The pyasn1 library for Python prior to version 0.6.3 is vulnerable to a Denial of Service attack through uncontrolled recursion when decoding ASN.1 data with deeply nested structures. Attackers can craft payloads with thousands of nested SEQUENCE or SET tags with indefinite-length markers, causing the decoder to call itself recursively until the Python interpreter crashes with RecursionError or consumes all available memory. This vulnerability is distinct from CVE-2026-23490, which addressed integer overflows in OID decoding. Version 0.6.3 contains the fix for this specific recursion issue.
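A pre-decode depth check for the nesting pattern described above, as an added example (not code from pyasn1 or from the advisory): it walks BER tag and length headers with an explicit stack and rejects input nested deeper than a limit before any recursive decoder sees it. The names `max_ber_depth` and `BerTooDeep`, the default limit of 64 and the sample bytes are assumptions made for illustration.

```python
class BerTooDeep(ValueError):
    """Nesting exceeds the configured limit."""

def max_ber_depth(data: bytes, limit: int = 64) -> int:
    """Deepest constructed-type nesting in BER `data`, found without recursion.
    Raises BerTooDeep above `limit` (64 is an assumed default), ValueError if malformed."""
    stack = []  # end offset of each open container; None = indefinite length
    pos, deepest, n = 0, 0, len(data)
    while pos < n:
        while stack and stack[-1] is not None and pos >= stack[-1]:
            stack.pop()  # definite-length container ends here
        if stack and stack[-1] is None and data[pos:pos + 2] == b"\x00\x00":
            stack.pop()  # end-of-contents (00 00) closes innermost indefinite container
            pos += 2
            continue
        ident = data[pos]
        pos += 1
        if ident & 0x1F == 0x1F:  # high-tag-number form: skip continuation octets
            while pos < n and data[pos] & 0x80:
                pos += 1
            pos += 1  # final tag octet (high bit clear)
        if pos >= n:
            raise ValueError("truncated header")
        first = data[pos]
        pos += 1
        constructed = bool(ident & 0x20)
        if first == 0x80:  # indefinite length
            if not constructed:
                raise ValueError("indefinite length on primitive type")
            end = None
        else:
            length = first  # short form
            if first > 0x80:  # long form: next k octets hold the length
                k = first & 0x7F
                length = int.from_bytes(data[pos:pos + k], "big")
                pos += k
            end = pos + length
            if end > n:
                raise ValueError("length runs past end of input")
        if not constructed:
            pos = end  # skip primitive contents
            continue
        stack.append(end)
        deepest = max(deepest, len(stack))
        if deepest > limit:
            raise BerTooDeep(f"nesting depth {deepest} exceeds limit {limit}")
    return deepest

SAMPLE = b"\x30\x80" * 5 + b"\x02\x01\x01" + b"\x00\x00" * 5  # constructed: 5 nested SEQUENCEs
```

The check does not validate that child lengths fit inside their parent, so it complements the upgrade to 0.6.3 rather than replacing the decoder's own validation.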
Technical details
Affected products: pyasn1
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2026-30922
https://github.com/pyasn1/pyasn1/commit/25ad481c19fdb006e20485ef3fc2e5b3eff30ef0
https://github.com/pyasn1/pyasn1/security/advisories/GHSA-jr27-m4p2-rc6r
This article was created with the assistance of AI technology by Perceptive.
