Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
Wed, 15 Jul 2026 14:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Wed, 15 Jul 2026 11:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Pyasn1
Pyasn1 pyasn1 |
|
| Vendors & Products |
Pyasn1
Pyasn1 pyasn1 |
Tue, 14 Jul 2026 17:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.4, the BER decoder shared by the CER and DER codecs parses long-form tags by accumulating continuation octets without an upper bound on the tag ID size, allowing a crafted input to force construction of an arbitrarily large integer with CPU cost growing quadratically and to trigger unhandled ValueError exceptions in Python 3.11+ error formatting paths. Any application decoding untrusted BER, CER, or DER input is affected. This issue is fixed in version 0.6.4. | |
| Title | pyasn1 BER/CER/DER decoder denial of service via unbounded long-form tag IDs | |
| Weaknesses | CWE-400 | |
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2026-07-15T13:50:29.814Z
Reserved: 2026-07-07T16:40:07.982Z
Link: CVE-2026-59884
Updated: 2026-07-15T13:50:21.691Z
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-15T11:00:13Z