CVE-2026-23490

Summary

pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.2, a Denial-of-Service issue has been found that leads to memory exhaustion from malformed RELATIVE-OID with excessive continuation octets. This vulnerability is fixed in 0.6.2.

Affected Software

VendorProductVersion RangeStatus
pyasn1pyasn1< 0.6.2affected

Weaknesses

  • CWE-770: CWE-770: Allocation of Resources Without Limits or Throttling

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: partial

CVE Program Container

Additional References

pyasn1: pyasn1: Denial of Service due to memory exhaustion from malformed RELATIVE-OID

Additional References

References