pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.2, a Denial-of-Service issue has been found that leads to memory exhaustion from malformed RELATIVE-OID with excessive continuation octets. This vulnerability is fixed in 0.6.2.

Metrics

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00038.

Exploitation poc

Automatable yes

Technical Impact partial

Affected Vendors & Products

Vendors Products
Pyasn1 Subscribe
Pyasn1 Subscribe

No data.

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors Products
Pyasn1 Subscribe
Pyasn1 Subscribe
Advisories
Source ID Title
Github GHSA Github GHSA GHSA-63vm-454h-vhhq pyasn1 has a DoS vulnerability in decoder
Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
https://github.com/pyasn1/pyasn1/commit/3908f144229eed4df24bd569d16e5991ace44970 cve-icon cve-icon cve-icon
https://github.com/pyasn1/pyasn1/releases/tag/v0.6.2 cve-icon cve-icon cve-icon
https://github.com/pyasn1/pyasn1/security/advisories/GHSA-63vm-454h-vhhq cve-icon cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2026-23490 cve-icon
https://www.cve.org/CVERecord?id=CVE-2026-23490 cve-icon
History

Tue, 20 Jan 2026 09:15:00 +0900

Type Values Removed Values Added
References
Metrics threat_severity

None

 threat_severity

Important

Mon, 19 Jan 2026 18:45:00 +0900

Type Values Removed Values Added
First Time appeared Pyasn1
Pyasn1 pyasn1
Vendors & Products Pyasn1
Pyasn1 pyasn1

Sat, 17 Jan 2026 05:15:00 +0900

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Sat, 17 Jan 2026 04:15:00 +0900

Type Values Removed Values Added
Description pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.2, a Denial-of-Service issue has been found that leads to memory exhaustion from malformed RELATIVE-OID with excessive continuation octets. This vulnerability is fixed in 0.6.2.
Title pyasn1 has a DoS vulnerability in decoder
Weaknesses CWE-770
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-01-16T19:23:51.965Z

Reserved: 2026-01-13T15:47:41.628Z

Link: CVE-2026-23490

cve-icon Vulnrichment

Updated: 2026-01-16T19:23:44.563Z

cve-icon NVD

Status : Received

Published: 2026-01-16T19:16:19.117

Modified: 2026-01-16T19:16:19.117

Link: CVE-2026-23490

cve-icon Redhat

Severity : Important

Publid Date: 2026-01-16T19:03:36Z

Links: CVE-2026-23490 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-01-19T18:20:14Z

Weaknesses