NIXPKGS-2026-0021

published on

Permalink CVE-2026-23490

7.5 HIGH

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): NONE
Integrity impact (I): NONE
Availability impact (A): HIGH

updated 2 months, 3 weeks ago by @LeSuisse Activity log

Created automatic suggestion 2 months, 3 weeks ago
@LeSuisse removed package python312Packages.pysnmp-pyasn1 2 months, 3 weeks ago
@LeSuisse removed package python313Packages.pysnmp-pyasn1 2 months, 3 weeks ago
@LeSuisse removed package python312Packages.pyasn1-modules 2 months, 3 weeks ago
@LeSuisse removed package python313Packages.pyasn1-modules 2 months, 3 weeks ago
@LeSuisse accepted 2 months, 3 weeks ago
@LeSuisse published on GitHub 2 months, 3 weeks ago

pyasn1 has a DoS vulnerability in decoder

pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.2, a Denial-of-Service issue has been found that leads to memory exhaustion from malformed RELATIVE-OID with excessive continuation octets. This vulnerability is fixed in 0.6.2.

References

https://github.com/pyasn1/pyasn1/security/advisories/GHSA-63vm-454h-vhhq x_refsource_CONFIRM
https://github.com/pyasn1/pyasn1/commit/3908f144229eed4df24bd569d16e5991ace44970 x_refsource_MISC
https://github.com/pyasn1/pyasn1/releases/tag/v0.6.2 x_refsource_MISC
https://github.com/pyasn1/pyasn1/security/advisories/GHSA-63vm-454h-vhhq x_refsource_CONFIRM
https://github.com/pyasn1/pyasn1/commit/3908f144229eed4df24bd569d16e5991ace44970 x_refsource_MISC
https://github.com/pyasn1/pyasn1/releases/tag/v0.6.2 x_refsource_MISC
https://lists.debian.org/debian-lts-announce/2026/02/msg00002.html

Affected products

pyasn1

==< 0.6.2

Matching in nixpkgs

pkgs.python312Packages.pyasn1

Generic ASN.1 library for Python

nixos-unstable pyasn1-0.6.1
- nixpkgs-unstable pyasn1-0.6.1
- nixos-unstable-small pyasn1-0.6.1

pkgs.python313Packages.pyasn1