๐Ÿ” CVE Alert

CVE-2026-59884

HIGH 7.5

pyasn1 BER/CER/DER decoder denial of service via unbounded long-form tag IDs

CVSS Score
7.5
EPSS Score
0.0%
EPSS Percentile
0th

pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.4, the BER decoder shared by the CER and DER codecs parses long-form tags by accumulating continuation octets without an upper bound on the tag ID size, allowing a crafted input to force construction of an arbitrarily large integer with CPU cost growing quadratically and to trigger unhandled ValueError exceptions in Python 3.11+ error formatting paths. Any application decoding untrusted BER, CER, or DER input is affected. This issue is fixed in version 0.6.4.

CWE CWE-400
Vendor pyasn1
Product pyasn1
Published Jul 14, 2026
Last Updated Jul 15, 2026
Stay Ahead of the Next One

Get instant alerts for pyasn1 pyasn1

Be the first to know when new high vulnerabilities affecting pyasn1 pyasn1 are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Affected Versions

pyasn1 / pyasn1
< 0.6.4

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
github.com: https://github.com/pyasn1/pyasn1/security/advisories/GHSA-m4p7-r5rc-7g4j github.com: https://github.com/pyasn1/pyasn1/commit/628e36ecbb5277a3f01572ce418ef54271b165a5 github.com: https://github.com/pyasn1/pyasn1/releases/tag/v0.6.4