CVE-2026-23490
pyasn1 has a DoS vulnerability in decoder
Description
pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.2, a Denial-of-Service issue has been found that leads to memory exhaustion from malformed RELATIVE-OID with excessive continuation octets. This vulnerability is fixed in 0.6.2.
INFO
Published Date :
Jan. 16, 2026, 7:16 p.m.
Last Modified :
June 30, 2026, 3:17 a.m.
Remotely Exploit :
Yes !
Source :
[email protected]
CVSS Scores
| Score | Version | Severity | Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|---|
| CVSS | 134c704f-9b21-4f2e-91b3-4a467353bcc0 | |||||
| CVSS 3.1 | HIGH | [email protected] | ||||
| CVSS 3.1 | HIGH | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c |
Solution
- Update pyasn1 to version 0.6.2 or later.
- Verify the updated pyasn1 version is in use.
Public PoC/Exploit Available at Github
CVE-2026-23490 has a 2 public
PoC/Exploit available at Github.
Go to the Public Exploits tab to see the list.
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2026-23490.
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2026-23490 is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2026-23490
weaknesses.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
Config files for my GitHub profile.
config github-config
None
Python
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2026-23490 vulnerability anywhere in the article.
The following table lists the changes that have been made to the
CVE-2026-23490 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
CVE Modified by 0b0ca135-0b70-47e7-9f44-1890c2a1c46c
Jun. 30, 2026
Action Type Old Value New Value Added Affected [{'cpes': ['cpe:/o:redhat:rhel_els:7'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux Server (v. 7 ELS)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/o:redhat:enterprise_linux:7::server'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux Server HighAvailability (v. 7 ELS)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/o:redhat:enterprise_linux:7::server'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux Server ResilientStorage (v. 7 ELS)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_extras_sap_els:7'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux Server for SAP ELS (v. 7)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_extras_sap_hana_els:7'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux Server for SAPHANA ELS (v. 7)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:ansible_automation_platform:2.5::el8', 'cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8', 'cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8'], 'vendor': 'Red Hat', 'product': 'Red Hat Ansible Automation Platform 2.5 for RHEL 8', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:openstack:17.1::el8'], 'vendor': 'Red Hat', 'product': 'Red Hat OpenStack Platform 17.1', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:ansible_automation_platform:2.5::el9', 'cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9', 'cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9'], 'vendor': 'Red Hat', 'product': 'Red Hat Ansible Automation Platform 2.5 for RHEL 9', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:ansible_automation_platform:2.6::el9', 'cpe:/a:redhat:ansible_automation_platform_developer:2.6::el9', 'cpe:/a:redhat:ansible_automation_platform_inside:2.6::el9'], 'vendor': 'Red Hat', 'product': 'Red Hat Ansible Automation Platform 2.6 for RHEL 9', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:openshift_ironic:4.17::el9'], 'vendor': 'Red Hat', 'product': 'Ironic content for Red Hat OpenShift Container Platform 4.17', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:openshift_ironic:4.18::el9'], 'vendor': 'Red Hat', 'product': 'Ironic content for Red Hat OpenShift Container Platform 4.18', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/o:redhat:enterprise_linux_eus:10.0'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux AppStream EUS (v. 10.0)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/o:redhat:enterprise_linux:10.1'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux AppStream (v. 10)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:enterprise_linux:8::appstream'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux AppStream (v. 8)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_aus:8.2::appstream'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux AppStream AUS (v. 8.2)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_aus:8.4::appstream'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux AppStream AUS (v.8.4)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_eus_long_life:8.4::appstream'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_aus:8.6::appstream'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux AppStream AUS (v.8.6)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_e4s:8.6::appstream'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux AppStream E4S (v.8.6)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_tus:8.6::appstream'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux AppStream TUS (v.8.6)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_e4s:8.8::appstream'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux AppStream E4S (v.8.8)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_tus:8.8::appstream'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux AppStream TUS (v.8.8)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_e4s:9.0::appstream'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux AppStream E4S (v.9.0)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_e4s:9.2::appstream'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux AppStream E4S (v.9.2)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_eus:9.4::appstream'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux AppStream EUS (v.9.4)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_eus:9.6::appstream'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux AppStream EUS (v.9.6)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:enterprise_linux:9::appstream'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux AppStream (v. 9)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:enterprise_linux:8::highavailability'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux HighAvailability (v. 8)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_aus:8.4::highavailability'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux High Availability AUS (v.8.4)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_eus_long_life:8.4::highavailability'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux HighAvailability EUS EXTENSION (v.8.4)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_e4s:8.6::highavailability'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux High Availability E4S (v.8.6)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_tus:8.6::highavailability'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux High Availability TUS (v.8.6)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_e4s:8.8::highavailability'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux High Availability E4S (v.8.8)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_tus:8.8::highavailability'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux High Availability TUS (v.8.8)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_e4s:9.0::highavailability'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux High Availability E4S (v.9.0)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_e4s:9.2::highavailability'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux High Availability E4S (v.9.2)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_eus:9.4::highavailability'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux High Availability EUS (v.9.4)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:ai_inference_server:3.3::el9'], 'vendor': 'Red Hat', 'product': 'Red Hat AI Inference Server 3.3', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:ansible_automation_platform:2.5::el8'], 'vendor': 'Red Hat', 'product': 'Red Hat Ansible Automation Platform 2.5', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:ansible_automation_platform:2.6::el9'], 'vendor': 'Red Hat', 'product': 'Red Hat Ansible Automation Platform 2.6', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:ceph_storage:8::el9'], 'vendor': 'Red Hat', 'product': 'Red Hat Ceph Storage 8', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:enterprise_linux_ai:3.3::el9'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux AI 3.3', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:openshift_ai:2.25::el9'], 'vendor': 'Red Hat', 'product': 'Red Hat OpenShift AI 2.25', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:openshift_ai:3.3::el9'], 'vendor': 'Red Hat', 'product': 'Red Hat OpenShift AI 3.3', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:stf:1.5::el9'], 'vendor': 'Red Hat', 'product': 'Red Hat OpenStack 1.5', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:trusted_artifact_signer:1.3::el9'], 'vendor': 'Red Hat', 'product': 'Red Hat Trusted Artifact Signer 1.3', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:trusted_artifact_signer:1.4::el9'], 'vendor': 'Red Hat', 'product': 'Red Hat Trusted Artifact Signer 1.4', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhui:5::el9'], 'vendor': 'Red Hat', 'product': 'Red Hat Update Infrastructure 5', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:enterprise_linux:8::resilientstorage'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux ResilientStorage (v. 8)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_e4s:9.0::resilientstorage'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux ResilientStorage E4S (v.9.0)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_e4s:9.2::resilientstorage'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux Resilient Storage E4S (v.9.2)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_eus:9.4::resilientstorage'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux Resilient Storage EUS (v.9.4)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:lightspeed_core'], 'vendor': 'Red Hat', 'product': 'Lightspeed Core', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhmt:1'], 'vendor': 'Red Hat', 'product': 'Migration Toolkit for Containers', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:migration_toolkit_virtualization:2'], 'vendor': 'Red Hat', 'product': 'Migration Toolkit for Virtualization', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:openshift_lightspeed'], 'vendor': 'Red Hat', 'product': 'OpenShift Lightspeed', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:ai_inference_server:3'], 'vendor': 'Red Hat', 'product': 'Red Hat AI Inference Server', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:ansible_automation_platform:2'], 'vendor': 'Red Hat', 'product': 'Red Hat Ansible Automation Platform 2', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:openshift_ai'], 'vendor': 'Red Hat', 'product': 'Red Hat OpenShift AI (RHOAI)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:openshift:4'], 'vendor': 'Red Hat', 'product': 'Red Hat OpenShift Container Platform 4', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:openstack:16.2'], 'vendor': 'Red Hat', 'product': 'Red Hat OpenStack Platform 16.2', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:openstack:18.0'], 'vendor': 'Red Hat', 'product': 'Red Hat OpenStack Platform 18.0', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:quay:3'], 'vendor': 'Red Hat', 'product': 'Red Hat Quay 3', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:satellite:6'], 'vendor': 'Red Hat', 'product': 'Red Hat Satellite 6', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:ansible_automation_platform:2.6::el10', 'cpe:/a:redhat:ansible_automation_platform_developer:2.6::el10'], 'vendor': 'Red Hat', 'product': 'Red Hat Ansible Automation Platform 2.6 for RHEL 10', 'defaultStatus': 'unaffected'}, {'cpes': ['cpe:/a:redhat:openshift:4.17::el8', 'cpe:/a:redhat:openshift:4.17::el9'], 'vendor': 'Red Hat', 'product': 'Red Hat OpenShift Container Platform 4.17', 'defaultStatus': 'unaffected'}, {'cpes': ['cpe:/a:redhat:openshift:4.18::el8'], 'vendor': 'Red Hat', 'product': 'Red Hat OpenShift Container Platform 4.18', 'defaultStatus': 'unaffected'}, {'cpes': ['cpe:/a:redhat:service_mesh:3'], 'vendor': 'Red Hat', 'product': 'OpenShift Service Mesh 3', 'defaultStatus': 'unaffected'}, {'cpes': ['cpe:/o:redhat:enterprise_linux:6'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux 6', 'defaultStatus': 'unaffected'}] Added CVSS V3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Added CWE CWE-770 Added Reference https://access.redhat.com/errata/RHSA-2026:13508 Added Reference https://access.redhat.com/errata/RHSA-2026:13512 Added Reference https://access.redhat.com/errata/RHSA-2026:13545 Added Reference https://access.redhat.com/errata/RHSA-2026:13553 Added Reference https://access.redhat.com/errata/RHSA-2026:14020 Added Reference https://access.redhat.com/errata/RHSA-2026:17446 Added Reference https://access.redhat.com/errata/RHSA-2026:17595 Added Reference https://access.redhat.com/errata/RHSA-2026:17611 Added Reference https://access.redhat.com/errata/RHSA-2026:1903 Added Reference https://access.redhat.com/errata/RHSA-2026:1904 Added Reference https://access.redhat.com/errata/RHSA-2026:1905 Added Reference https://access.redhat.com/errata/RHSA-2026:1906 Added Reference https://access.redhat.com/errata/RHSA-2026:19712 Added Reference https://access.redhat.com/errata/RHSA-2026:2221 Added Reference https://access.redhat.com/errata/RHSA-2026:2299 Added Reference https://access.redhat.com/errata/RHSA-2026:2300 Added Reference https://access.redhat.com/errata/RHSA-2026:2302 Added Reference https://access.redhat.com/errata/RHSA-2026:2303 Added Reference https://access.redhat.com/errata/RHSA-2026:2309 Added Reference https://access.redhat.com/errata/RHSA-2026:24476 Added Reference https://access.redhat.com/errata/RHSA-2026:24483 Added Reference https://access.redhat.com/errata/RHSA-2026:2453 Added Reference https://access.redhat.com/errata/RHSA-2026:2460 Added Reference https://access.redhat.com/errata/RHSA-2026:2483 Added Reference https://access.redhat.com/errata/RHSA-2026:2486 Added Reference https://access.redhat.com/errata/RHSA-2026:24866 Added Reference https://access.redhat.com/errata/RHSA-2026:24977 Added Reference https://access.redhat.com/errata/RHSA-2026:2712 Added Reference https://access.redhat.com/errata/RHSA-2026:2758 Added Reference https://access.redhat.com/errata/RHSA-2026:28042 Added Reference https://access.redhat.com/errata/RHSA-2026:30088 Added Reference https://access.redhat.com/errata/RHSA-2026:3354 Added Reference https://access.redhat.com/errata/RHSA-2026:3359 Added Reference https://access.redhat.com/errata/RHSA-2026:3958 Added Reference https://access.redhat.com/errata/RHSA-2026:3959 Added Reference https://access.redhat.com/errata/RHSA-2026:4138 Added Reference https://access.redhat.com/errata/RHSA-2026:4139 Added Reference https://access.redhat.com/errata/RHSA-2026:4140 Added Reference https://access.redhat.com/errata/RHSA-2026:4141 Added Reference https://access.redhat.com/errata/RHSA-2026:4142 Added Reference https://access.redhat.com/errata/RHSA-2026:4143 Added Reference https://access.redhat.com/errata/RHSA-2026:4144 Added Reference https://access.redhat.com/errata/RHSA-2026:4145 Added Reference https://access.redhat.com/errata/RHSA-2026:4146 Added Reference https://access.redhat.com/errata/RHSA-2026:4147 Added Reference https://access.redhat.com/errata/RHSA-2026:4148 Added Reference https://access.redhat.com/errata/RHSA-2026:4943 Added Reference https://access.redhat.com/errata/RHSA-2026:5606 Added Reference https://access.redhat.com/security/cve/CVE-2026-23490 Added Reference https://bugzilla.redhat.com/show_bug.cgi?id=2430472 Added Reference https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-23490.json -
CVE Modified by [email protected]
Jun. 17, 2026
Action Type Old Value New Value Added Affected [{'vendor': 'pyasn1', 'product': 'pyasn1', 'versions': [{'status': 'affected', 'version': '< 0.6.2'}]}] -
CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0
Jun. 17, 2026
Action Type Old Value New Value Added SSVC {'id': 'CVE-2026-23490', 'role': 'CISA Coordinator', 'options': [{'exploitation': 'poc'}, {'automatable': 'yes'}, {'technicalImpact': 'partial'}], 'version': '2.0.3', 'timestamp': '2026-01-16T19:23:28.531270Z'} -
Initial Analysis by [email protected]
Mar. 13, 2026
Action Type Old Value New Value Added CPE Configuration OR *cpe:2.3:a:pyasn1:pyasn1:*:*:*:*:*:python:*:* versions up to (excluding) 0.6.2 Added CPE Configuration OR *cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* Added Reference Type GitHub, Inc.: https://github.com/pyasn1/pyasn1/commit/3908f144229eed4df24bd569d16e5991ace44970 Types: Patch Added Reference Type GitHub, Inc.: https://github.com/pyasn1/pyasn1/releases/tag/v0.6.2 Types: Product, Release Notes Added Reference Type GitHub, Inc.: https://github.com/pyasn1/pyasn1/security/advisories/GHSA-63vm-454h-vhhq Types: Vendor Advisory Added Reference Type CVE: https://lists.debian.org/debian-lts-announce/2026/02/msg00002.html Types: Vendor Advisory -
CVE Modified by af854a3a-2127-422b-91ae-364da2661108
Feb. 01, 2026
Action Type Old Value New Value Added Reference https://lists.debian.org/debian-lts-announce/2026/02/msg00002.html -
New CVE Received by [email protected]
Jan. 16, 2026
Action Type Old Value New Value Added Description pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.2, a Denial-of-Service issue has been found that leads to memory exhaustion from malformed RELATIVE-OID with excessive continuation octets. This vulnerability is fixed in 0.6.2. Added CVSS V3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Added CWE CWE-770 Added Reference https://github.com/pyasn1/pyasn1/commit/3908f144229eed4df24bd569d16e5991ace44970 Added Reference https://github.com/pyasn1/pyasn1/releases/tag/v0.6.2 Added Reference https://github.com/pyasn1/pyasn1/security/advisories/GHSA-63vm-454h-vhhq