Experiencing a Breach?Blog
Get StartedContact Us
SentinelOne
Get StartedContact Us
CVE Vulnerability Database
Vulnerability Database/CVE-2026-23490

CVE-2026-23490: pyasn1 Library DoS Vulnerability

CVE-2026-23490 is a denial-of-service vulnerability in pyasn1, a generic ASN.1 library for Python, causing memory exhaustion via malformed RELATIVE-OID. This article covers technical details, affected versions, and mitigation.

Published:

CVE-2026-23490 Overview

CVE-2026-23490 is a Denial-of-Service vulnerability affecting pyasn1, a generic ASN.1 library for Python. Prior to version 0.6.2, the library is susceptible to memory exhaustion when processing malformed RELATIVE-OID values containing excessive continuation octets. This vulnerability can be exploited remotely without authentication to cause service disruption through resource exhaustion attacks.

Critical Impact

Remote attackers can trigger memory exhaustion by sending specially crafted ASN.1 data with malformed RELATIVE-OID fields, potentially causing denial of service conditions on systems using the vulnerable pyasn1 library.

Affected Products

  • pyasn1 versions prior to 0.6.2
  • Python applications utilizing vulnerable pyasn1 versions for ASN.1 parsing
  • Services processing untrusted ASN.1 encoded data (certificates, SNMP, LDAP)

Discovery Timeline

  • 2026-01-16 - CVE CVE-2026-23490 published to NVD
  • 2026-01-16 - Last updated in NVD database

Technical Details for CVE-2026-23490

Vulnerability Analysis

This vulnerability is classified under CWE-770 (Allocation of Resources Without Limits or Throttling). The flaw exists in how pyasn1 processes RELATIVE-OID encoded values within ASN.1 structures. ASN.1 (Abstract Syntax Notation One) is a standard interface description language used widely in telecommunications, cryptography, and network protocols.

RELATIVE-OID values use a variable-length encoding scheme where continuation octets indicate that more bytes follow. When parsing these values, the vulnerable versions of pyasn1 fail to properly limit memory allocation when encountering malformed data with an excessive number of continuation octets, leading to uncontrolled memory consumption.

Root Cause

The root cause is the absence of proper resource limits during ASN.1 decoding operations. When the decoder encounters RELATIVE-OID data with artificially extended continuation octets, it allocates memory proportionally without imposing reasonable bounds. This allows an attacker to craft input that forces arbitrary amounts of memory to be allocated, eventually exhausting available system memory.

Attack Vector

The attack can be executed remotely over the network without requiring authentication or user interaction. An attacker sends specially crafted ASN.1 encoded data to a target application using pyasn1 for parsing. The malicious payload contains a RELATIVE-OID field with excessive continuation octets, triggering the memory exhaustion condition.

This is particularly dangerous for applications that process untrusted ASN.1 data, including:

  • Certificate validation services
  • SNMP management systems
  • LDAP directory services
  • Any application accepting ASN.1 encoded input from untrusted sources

The vulnerability mechanism involves crafting RELATIVE-OID encoded data where continuation bits are set excessively, causing the decoder to allocate memory without proper bounds checking. Detailed technical information is available in the GitHub Security Advisory GHSA-63vm-454h-vhhq.

Detection Methods for CVE-2026-23490

Indicators of Compromise

  • Unusual memory consumption spikes in Python processes using pyasn1
  • Application crashes or out-of-memory errors during ASN.1 parsing operations
  • Abnormally large incoming ASN.1 encoded payloads with extended OID fields
  • System slowdown or unresponsiveness in services processing certificate or SNMP data

Detection Strategies

  • Monitor Python application memory usage for abnormal growth patterns during ASN.1 parsing
  • Implement network traffic analysis to detect oversized or malformed ASN.1 payloads
  • Deploy application-level logging to capture ASN.1 parsing failures and memory allocation errors
  • Use SentinelOne's behavioral AI to detect anomalous resource consumption patterns indicative of DoS attacks

Monitoring Recommendations

  • Configure memory usage alerts for services utilizing pyasn1 to detect early signs of exhaustion
  • Implement rate limiting on endpoints that accept ASN.1 encoded data from untrusted sources
  • Enable detailed logging for ASN.1 parsing operations to capture malformed input attempts
  • Review Python dependency manifests to identify vulnerable pyasn1 versions in production environments

How to Mitigate CVE-2026-23490

Immediate Actions Required

  • Upgrade pyasn1 to version 0.6.2 or later immediately across all affected systems
  • Audit application dependencies to identify all instances of pyasn1 in your environment
  • Implement input validation and size limits on ASN.1 data accepted from untrusted sources
  • Consider temporary network-level filtering for oversized ASN.1 payloads if immediate patching is not possible

Patch Information

The vulnerability is fixed in pyasn1 version 0.6.2. The patch implements proper bounds checking during RELATIVE-OID decoding to prevent memory exhaustion. The fix is available through the following resources:

Workarounds

  • Implement application-level memory limits for ASN.1 parsing operations
  • Deploy input size restrictions on network endpoints accepting ASN.1 data
  • Use containerization with memory limits to contain potential impact of exploitation
  • Consider temporarily disabling services that process untrusted ASN.1 data until patching is complete
bash
# Upgrade pyasn1 to patched version
pip install --upgrade pyasn1>=0.6.2

# Verify installed version
pip show pyasn1 | grep Version

# For requirements.txt, ensure minimum version
echo "pyasn1>=0.6.2" >> requirements.txt

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Experience the World’s Most Advanced Cybersecurity Platform

Experience the World’s Most Advanced Cybersecurity Platform

See how our intelligent, autonomous cybersecurity platform can protect your organization now and into the future.

Try SentinelOne