Unrated severityNVD Advisory· Published Jul 16, 2026
Debian pyasn1: pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.4, the BER decoder sh…
CVE-2026-59884
Description
pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.4, the BER decoder shared by the CER and DER codecs parses long-form tags by accumulating continuation octets without an upper bound on the tag ID size, allowing a crafted input to force construction of an arbitrarily large integer with CPU cost growing quadratically and to trigger unhandled ValueError exceptions in Python 3.11+ error formatting paths. Any application decoding untrusted BER, CER, or DER input is affected. This issue is fixed in version 0.6.4.
Affected products
1Patches
Vulnerability mechanics
News mentions
0No linked articles in our index yet.