VYPR
Unrated severityNVD Advisory· Published Jul 16, 2026

Debian pyasn1: pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.4, the BER decoder sh…

CVE-2026-59884

Description

pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.4, the BER decoder shared by the CER and DER codecs parses long-form tags by accumulating continuation octets without an upper bound on the tag ID size, allowing a crafted input to force construction of an arbitrarily large integer with CPU cost growing quadratically and to trigger unhandled ValueError exceptions in Python 3.11+ error formatting paths. Any application decoding untrusted BER, CER, or DER input is affected. This issue is fixed in version 0.6.4.

Affected products

1

Patches

Vulnerability mechanics

News mentions

0

No linked articles in our index yet.

CVE-2026-59884 · VYPR