Multiple pyasn1 Vulnerabilities Lead to Denial of Service Risks
Severity: Medium (Score: 57.8)
Sources: Ubuntu, Linuxsecurity
Summary
Two vulnerabilities in the pyasn1 library have been identified; both allow an attacker to trigger uncontrolled recursion when the library decodes malformed ASN.1 data. The first, CVE-2026-23490, was published on January 16, 2026, and can exhaust system resources, potentially leading to a denial of service. The second, CVE-2026-30922, published on March 18, 2026, allows resource exhaustion through similar means. Both can be triggered by specially crafted input and affect systems that use pyasn1 for certificate decoding. The vulnerabilities pose a significant threat to any system relying on pyasn1, particularly in environments where certificate validation is critical. The recommended action is to apply the standard system updates, which protect against both issues.
Key Points
- Two critical vulnerabilities in pyasn1 can lead to denial of service attacks.
- CVE-2026-23490 and CVE-2026-30922 exploit uncontrolled recursion in ASN.1 decoding.
- Users should update their systems to mitigate the risks associated with these vulnerabilities.
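The mitigation for this class of bug is a recursion cap in the decoder. The following added example (illustrative code, not pyasn1's own) walks DER tag-length-value elements and rejects input nested deeper than an assumed MAX_DEPTH, so a chain of nested SEQUENCEs produces a clean decode error instead of exhausting the stack; nested_sequence builds constructed test input.

```python
# Added illustration, not pyasn1's code: a DER TLV walker whose recursion depth is
# capped by MAX_DEPTH (assumed value). Single-byte tags, definite lengths <= 4 bytes.
MAX_DEPTH = 32

def _read_length(data: bytes, pos: int) -> tuple[int, int]:
    """Parse a DER length at pos; return (length, position after it)."""
    if pos >= len(data):
        raise ValueError("truncated length")
    first, pos = data[pos], pos + 1
    if first < 0x80:                      # short form
        return first, pos
    nbytes = first & 0x7F                 # long form: number of length bytes
    if nbytes == 0 or nbytes > 4 or pos + nbytes > len(data):
        raise ValueError("indefinite, oversized or truncated length")
    return int.from_bytes(data[pos:pos + nbytes], "big"), pos + nbytes

def walk(data: bytes, depth: int = 0, max_depth: int = MAX_DEPTH) -> int:
    """Walk every TLV in data; return the deepest nesting level reached.
    Each constructed element (tag bit 0x20) costs one level, so a long chain
    of nested SEQUENCEs fails fast at max_depth instead of exhausting the stack."""
    if depth > max_depth:
        raise ValueError(f"nesting deeper than {max_depth} levels")
    pos, deepest = 0, depth
    while pos < len(data):
        tag, pos = data[pos], pos + 1
        length, pos = _read_length(data, pos)
        if pos + length > len(data):
            raise ValueError("length exceeds remaining input")
        body, pos = data[pos:pos + length], pos + length
        if tag & 0x20:
            deepest = max(deepest, walk(body, depth + 1, max_depth))
    return deepest

def decodes_within_limit(data: bytes, max_depth: int = MAX_DEPTH) -> bool:
    """True when data is well-formed and nests no deeper than max_depth."""
    try:
        walk(data, max_depth=max_depth)
        return True
    except ValueError:
        return False

def nested_sequence(levels: int) -> bytes:
    """Constructed test input: INTEGER 1 wrapped in `levels` nested SEQUENCEs."""
    node = b"\x02\x01\x01"
    for _ in range(levels):
        n = len(node)                     # short-form length if n < 128
        raw = n.to_bytes(max(1, (n.bit_length() + 7) // 8), "big")
        node = b"\x30" + (raw if n < 0x80 else bytes([0x80 | len(raw)]) + raw) + node
    return node
```

The same cap belongs wherever a decoder descends into a constructed element; the length check against the remaining input additionally stops a single oversized length from pulling in bytes that are not there.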
Key Entities
- DDoS (attack_type)
- CVE-2026-23490 (cve)
- CVE-2026-30922 (cve)
- Ubuntu (company)