Количество 6
Количество 6
CVE-2026-30922
(pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.3, the `pya ...)
CVE-2026-30922
An unbounded recursion flaw has been discovered in the pypi pyasn1 library. This uncontrolled recursion occurs when decoding ASN.1 data with deeply nested structures. An attacker can supply a crafted payload containing nested SEQUENCE (0x30) or SET (0x31) tags with Indefinite Length (0x80) markers. This forces the decoder to recursively call itself until the Python interpreter crashes with a RecursionError or consumes all available memory (OOM), crashing the host application.
CVE-2026-30922
pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.3, the `pyasn1` library is vulnerable to a Denial of Service (DoS) attack caused by uncontrolled recursion when decoding ASN.1 data with deeply nested structures. An attacker can supply a crafted payload containing thousands of nested `SEQUENCE` (`0x30`) or `SET` (`0x31`) tags with "Indefinite Length" (`0x80`) markers. This forces the decoder to recursively call itself until the Python interpreter crashes with a `RecursionError` or consumes all available memory (OOM), crashing the host application. This is a distinct vulnerability from CVE-2026-23490 (which addressed integer overflows in OID decoding). The fix for CVE-2026-23490 (`MAX_OID_ARC_CONTINUATION_OCTETS`) does not mitigate this recursion issue. Version 0.6.3 fixes this specific issue.
CVE-2026-30922
pyasn1 Vulnerable to Denial of Service via Unbounded Recursion
CVE-2026-30922
pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.3, the `pya ...
GHSA-jr27-m4p2-rc6r
Denial of Service in pyasn1 via Unbounded Recursion
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2026-30922 (pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.3, the `pya ...) | CVSS3: 7.5 | 0% Низкий | 9 дней назад |
 | CVE-2026-30922 An unbounded recursion flaw has been discovered in the pypi pyasn1 library. This uncontrolled recursion occurs when decoding ASN.1 data with deeply nested structures. An attacker can supply a crafted payload containing nested SEQUENCE (0x30) or SET (0x31) tags with Indefinite Length (0x80) markers. This forces the decoder to recursively call itself until the Python interpreter crashes with a RecursionError or consumes all available memory (OOM), crashing the host application. | CVSS3: 7.5 | 0% Низкий | 9 дней назад |
 | CVE-2026-30922 pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.3, the `pyasn1` library is vulnerable to a Denial of Service (DoS) attack caused by uncontrolled recursion when decoding ASN.1 data with deeply nested structures. An attacker can supply a crafted payload containing thousands of nested `SEQUENCE` (`0x30`) or `SET` (`0x31`) tags with "Indefinite Length" (`0x80`) markers. This forces the decoder to recursively call itself until the Python interpreter crashes with a `RecursionError` or consumes all available memory (OOM), crashing the host application. This is a distinct vulnerability from CVE-2026-23490 (which addressed integer overflows in OID decoding). The fix for CVE-2026-23490 (`MAX_OID_ARC_CONTINUATION_OCTETS`) does not mitigate this recursion issue. Version 0.6.3 fixes this specific issue. | CVSS3: 7.5 | 0% Низкий | 9 дней назад |
 | CVE-2026-30922 pyasn1 Vulnerable to Denial of Service via Unbounded Recursion | 0% Низкий | 6 дней назад | |
| CVE-2026-30922 pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.3, the `pya ... | CVSS3: 7.5 | 0% Низкий | 9 дней назад |
| GHSA-jr27-m4p2-rc6r Denial of Service in pyasn1 via Unbounded Recursion | CVSS3: 7.5 | 0% Низкий | 9 дней назад |
Уязвимостей на страницу