
CVE-2026-23490

Published: 16 Jan 2026
Source: redhat
CVSS3: 7.5
EPSS: Low

Description

pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.2, a Denial-of-Service issue has been found that leads to memory exhaustion from malformed RELATIVE-OID with excessive continuation octets. This vulnerability is fixed in 0.6.2.

A flaw was found in pyasn1, a generic ASN.1 library for Python. A remote attacker could exploit this vulnerability by sending a specially crafted RELATIVE-OID with excessive continuation octets. This input validation vulnerability leads to memory exhaustion, resulting in a Denial of Service (DoS) for the affected system.

Affected packages

| Platform | Package | State | Recommendation | Release |
| --- | --- | --- | --- | --- |
| Fence Agents Remediation Operator | workload-availability/fence-agents-remediation-rhel9-operator | Affected | | |
| Migration Toolkit for Containers | rhmtc/openshift-migration-hook-runner-rhel8 | Affected | | |
| Migration Toolkit for Containers | rhmtc/openshift-migration-rhel8-operator | Affected | | |
| Migration Toolkit for Virtualization | migration-toolkit-virtualization/mtv-rhel9-operator | Affected | | |
| Migration Toolkit for Virtualization | mtv-candidate/mtv-rhel9-operator | Affected | | |
| OpenShift Lightspeed | openshift-lightspeed/lightspeed-ocp-rag-rhel9 | Affected | | |
| OpenShift Lightspeed | openshift-lightspeed/lightspeed-service-api-rhel9 | Affected | | |
| OpenShift Lightspeed | openshift-lightspeed/lightspeed-to-dataverse-exporter-rhel9 | Affected | | |
| OpenShift Service Mesh 2 | openshift-service-mesh/grafana-rhel8 | Affected | | |
| OpenShift Service Mesh 2 | openshift-service-mesh/istio-cni-rhel8 | Affected | | |


Additional information

Status: Important
Defect: CWE-770
https://bugzilla.redhat.com/show_bug.cgi?id=2430472 - pyasn1: pyasn1: Denial of Service due to memory exhaustion from malformed RELATIVE-OID

EPSS: 0.00021 (percentile: 6%, Low)

CVSS3: 7.5 High

Related vulnerabilities

CVSS3: 7.5
ubuntu
2 months ago

pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.2, a Denial-of-Service issue has been found that leads to memory exhaustion from malformed RELATIVE-OID with excessive continuation octets. This vulnerability is fixed in 0.6.2.

CVSS3: 7.5
nvd
2 months ago

pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.2, a Denial-of-Service issue has been found that leads to memory exhaustion from malformed RELATIVE-OID with excessive continuation octets. This vulnerability is fixed in 0.6.2.

msrc
2 months ago

pyasn1 has a DoS vulnerability in decoder

CVSS3: 7.5
debian
2 months ago

pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.2, a Denial ...

suse-cvrf
2 months ago

Security update for python-pyasn1
