7.5 HIGH
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): LOW
- Privileges required (PR): NONE
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): NONE
- Integrity impact (I): NONE
- Availability impact (A): HIGH
pyasn1 Vulnerable to Denial of Service via Unbounded Recursion
pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.3, the `pyasn1` library is vulnerable to a Denial of Service (DoS) attack caused by uncontrolled recursion when decoding ASN.1 data with deeply nested structures. An attacker can supply a crafted payload containing thousands of nested `SEQUENCE` (`0x30`) or `SET` (`0x31`) tags with "Indefinite Length" (`0x80`) markers. This forces the decoder to recursively call itself until the Python interpreter crashes with a `RecursionError` or consumes all available memory (OOM), crashing the host application. This is a distinct vulnerability from CVE-2026-23490 (which addressed integer overflows in OID decoding). The fix for CVE-2026-23490 (`MAX_OID_ARC_CONTINUATION_OCTETS`) does not mitigate this recursion issue. Version 0.6.3 fixes this specific issue.
References
- https://github.com/pyasn1/pyasn1/security/advisories/GHSA-jr27-m4p2-rc6r x_refsource_CONFIRM
- https://github.com/pyasn1/pyasn1/commit/25ad481c19fdb006e20485ef3fc2e5b3eff30ef0 x_refsource_MISC
Affected products
- ==< 0.6.3
Matching in nixpkgs
pkgs.python312Packages.pyasn1
Generic ASN.1 library for Python
-
nixos-25.11 pyasn1-0.6.2
- nixos-25.11-small pyasn1-0.6.2
- nixpkgs-25.11-darwin pyasn1-0.6.2
pkgs.python313Packages.pyasn1
Generic ASN.1 library for Python
-
nixos-unstable pyasn1-0.6.2
- nixpkgs-unstable pyasn1-0.6.2
- nixos-unstable-small pyasn1-0.6.2
-
nixos-25.11 pyasn1-0.6.2
- nixos-25.11-small pyasn1-0.6.2
- nixpkgs-25.11-darwin pyasn1-0.6.2
pkgs.python314Packages.pyasn1
Generic ASN.1 library for Python
-
nixos-unstable pyasn1-0.6.2
- nixpkgs-unstable pyasn1-0.6.2
- nixos-unstable-small pyasn1-0.6.2
pkgs.python312Packages.pysnmp-pyasn1
Python ASN.1 encoder and decoder
-
nixos-25.11 pyasn1-1.1.3
- nixos-25.11-small pyasn1-1.1.3
- nixpkgs-25.11-darwin pyasn1-1.1.3
pkgs.python313Packages.pysnmp-pyasn1
Python ASN.1 encoder and decoder
-
nixos-unstable pyasn1-1.1.3
- nixpkgs-unstable pyasn1-1.1.3
- nixos-unstable-small pyasn1-1.1.3
-
nixos-25.11 pyasn1-1.1.3
- nixos-25.11-small pyasn1-1.1.3
- nixpkgs-25.11-darwin pyasn1-1.1.3
pkgs.python314Packages.pysnmp-pyasn1
Python ASN.1 encoder and decoder
-
nixos-unstable pyasn1-1.1.3
- nixpkgs-unstable pyasn1-1.1.3
- nixos-unstable-small pyasn1-1.1.3
pkgs.python312Packages.pyasn1-modules
Collection of ASN.1-based protocols modules
-
nixos-25.11 pyasn1-modules-0.4.2
- nixos-25.11-small pyasn1-modules-0.4.2
- nixpkgs-25.11-darwin pyasn1-modules-0.4.2
pkgs.python313Packages.pyasn1-modules
Collection of ASN.1-based protocols modules
-
nixos-unstable pyasn1-modules-0.4.2
- nixpkgs-unstable pyasn1-modules-0.4.2
- nixos-unstable-small pyasn1-modules-0.4.2
-
nixos-25.11 pyasn1-modules-0.4.2
- nixos-25.11-small pyasn1-modules-0.4.2
- nixpkgs-25.11-darwin pyasn1-modules-0.4.2
pkgs.python314Packages.pyasn1-modules
Collection of ASN.1-based protocols modules
-
nixos-unstable pyasn1-modules-0.4.2
- nixpkgs-unstable pyasn1-modules-0.4.2
- nixos-unstable-small pyasn1-modules-0.4.2
Package maintainers
-
@fabaff Fabian Affolter <mail@fabian-affolter.ch>