High Severity Vulnerability
This vulnerability has been rated as High severity. Immediate action is recommended.
CVE-2026-23490
Severity: High
Vulnerability Description
pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.2, a Denial-of-Service issue has been found that leads to memory exhaustion from malformed RELATIVE-OID with excessive continuation octets. This vulnerability is fixed in 0.6.2.
CVSS Metrics
Common Vulnerability Scoring System
Vector String:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Known Affected Software
1 configuration(s) from 1 vendor(s)
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
CPUAPR2026
Oracle Critical Patch Update Advisory - April 2026
CVE-2026-30922
USN-8134-1
USN-8134-1: pyasn1 vulnerabilities
CVE-2026-23490
USN-7975-1
USN-7975-1: pyasn1 vulnerability
References & Resources
- https://github.com/pyasn1/pyasn1/commit/3908f144229eed4df24bd569d16e5991ace44970 (source: security-advisories@github.com; Patch)
- https://github.com/pyasn1/pyasn1/releases/tag/v0.6.2 (source: security-advisories@github.com; Product, Release Notes)
- https://github.com/pyasn1/pyasn1/security/advisories/GHSA-63vm-454h-vhhq (source: security-advisories@github.com; Vendor Advisory)
- https://lists.debian.org/debian-lts-announce/2026/02/msg00002.html (source: af854a3a-2127-422b-91ae-364da2661108; Vendor Advisory)
Severity Details
Weakness Type (CWE)
Allocation of Resources Without Limits or Throttling
- Description: The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.
- Exploit Likelihood: High
- Typical Severity: Medium
- Abstraction Level: Base
Key Information
- Published Date: January 16, 2026
