CVE-2026-59885 - pyasn1: Quadratic complexity in OBJECT IDENTIFIER and RELATIVE-OID processing allows denial of service

CVE ID :CVE-2026-59885
Published : July 14, 2026, 5:17 p.m. | 59 minutes ago
Description :pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.4, the BER, CER, and DER decoders process OBJECT IDENTIFIER and RELATIVE-OID values in quadratic time relative to the number of arcs, so a small crafted payload containing an OID with many arcs consumes excessive CPU per decode() call and can deny service to applications that decode untrusted ASN.1 data. The corresponding encoders have the same quadratic behavior when an application re-encodes previously decoded attacker-supplied values. This issue is fixed in version 0.6.4.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

from Latest Vulnerabilities https://ift.tt/8qbdFst
via IFTTT

Maloy Roy Orko

I am Maloy Roy Orko. An aspiring security researcher. Learning New Fields and Strategies Since 2019. 💻

Post a Comment

Please Select Embedded Mode To Show The Comment System.*

Previous Post Next Post