Bug 2448553 (CVE-2026-30922) - CVE-2026-30922 pyasn1: pyasn1 Vulnerable to Denial of Service via Unbounded Recursion
Summary: CVE-2026-30922 pyasn1: pyasn1 Vulnerable to Denial of Service via Unbounded R...
Keywords:
Status: NEW
Alias: CVE-2026-30922
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2026-03-18 04:04 UTC by OSIDB Bzimport
Modified: 2026-06-04 11:09 UTC (History)
91 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2026:12176 0 None None None 2026-04-30 10:05:47 UTC
Red Hat Product Errata RHSA-2026:13508 0 None None None 2026-05-04 13:59:05 UTC
Red Hat Product Errata RHSA-2026:13512 0 None None None 2026-05-04 14:16:05 UTC
Red Hat Product Errata RHSA-2026:13902 0 None None None 2026-05-06 04:31:34 UTC
Red Hat Product Errata RHSA-2026:13916 0 None None None 2026-05-06 06:33:31 UTC
Red Hat Product Errata RHSA-2026:13917 0 None None None 2026-05-06 06:43:31 UTC
Red Hat Product Errata RHSA-2026:17083 0 None None None 2026-05-13 15:22:25 UTC
Red Hat Product Errata RHSA-2026:19138 0 None None None 2026-05-19 16:08:32 UTC
Red Hat Product Errata RHSA-2026:19355 0 None None None 2026-05-19 21:39:57 UTC
Red Hat Product Errata RHSA-2026:20588 0 None None None 2026-05-26 05:26:44 UTC
Red Hat Product Errata RHSA-2026:22131 0 None None None 2026-06-01 01:09:43 UTC
Red Hat Product Errata RHSA-2026:22132 0 None None None 2026-06-01 01:10:29 UTC
Red Hat Product Errata RHSA-2026:22133 0 None None None 2026-06-01 01:08:20 UTC
Red Hat Product Errata RHSA-2026:22134 0 None None None 2026-06-01 01:52:55 UTC
Red Hat Product Errata RHSA-2026:22135 0 None None None 2026-06-01 01:25:21 UTC
Red Hat Product Errata RHSA-2026:22969 0 None None None 2026-06-03 23:34:24 UTC
Red Hat Product Errata RHSA-2026:22970 0 None None None 2026-06-04 11:09:09 UTC
Red Hat Product Errata RHSA-2026:22987 0 None None None 2026-06-03 21:56:18 UTC

Description OSIDB Bzimport 2026-03-18 04:04:41 UTC 
pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.3, the `pyasn1` library is vulnerable to a Denial of Service (DoS) attack caused by uncontrolled recursion when decoding ASN.1 data with deeply nested structures. An attacker can supply a crafted payload containing thousands of nested `SEQUENCE` (`0x30`) or `SET` (`0x31`) tags with "Indefinite Length" (`0x80`) markers. This forces the decoder to recursively call itself until the Python interpreter crashes with a `RecursionError` or consumes all available memory (OOM), crashing the host application. This is a distinct vulnerability from CVE-2026-23490 (which addressed integer overflows in OID decoding). The fix for CVE-2026-23490 (`MAX_OID_ARC_CONTINUATION_OCTETS`) does not mitigate this recursion issue. Version 0.6.3 fixes this specific issue.
Comment 2 errata-xmlrpc 2026-04-30 10:05:41 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2026:12176 https://access.redhat.com/errata/RHSA-2026:12176
Comment 3 errata-xmlrpc 2026-05-04 13:58:59 UTC 
This issue has been addressed in the following products:

  Red Hat Ansible Automation Platform 2.6 for RHEL 10
  Red Hat Ansible Automation Platform 2.6 for RHEL 9

Via RHSA-2026:13508 https://access.redhat.com/errata/RHSA-2026:13508
Comment 4 errata-xmlrpc 2026-05-04 14:16:00 UTC 
This issue has been addressed in the following products:

  Red Hat Ansible Automation Platform 2.5 for RHEL 9
  Red Hat Ansible Automation Platform 2.5 for RHEL 8

Via RHSA-2026:13512 https://access.redhat.com/errata/RHSA-2026:13512
Comment 5 errata-xmlrpc 2026-05-06 04:31:29 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2026:13902 https://access.redhat.com/errata/RHSA-2026:13902
Comment 6 errata-xmlrpc 2026-05-06 06:33:26 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2026:13916 https://access.redhat.com/errata/RHSA-2026:13916
Comment 7 errata-xmlrpc 2026-05-06 06:43:25 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2026:13917 https://access.redhat.com/errata/RHSA-2026:13917
Comment 8 errata-xmlrpc 2026-05-13 15:22:20 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10.0 Extended Update Support

Via RHSA-2026:17083 https://access.redhat.com/errata/RHSA-2026:17083
Comment 9 errata-xmlrpc 2026-05-19 16:08:27 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2026:19138 https://access.redhat.com/errata/RHSA-2026:19138
Comment 10 errata-xmlrpc 2026-05-19 21:39:52 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2026:19355 https://access.redhat.com/errata/RHSA-2026:19355
Comment 11 errata-xmlrpc 2026-05-26 05:26:39 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.8 Telecommunications Update Service

Via RHSA-2026:20588 https://access.redhat.com/errata/RHSA-2026:20588
Comment 12 errata-xmlrpc 2026-06-01 01:08:15 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On

Via RHSA-2026:22133 https://access.redhat.com/errata/RHSA-2026:22133
Comment 13 errata-xmlrpc 2026-06-01 01:09:37 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.8 Telecommunications Update Service

Via RHSA-2026:22131 https://access.redhat.com/errata/RHSA-2026:22131
Comment 14 errata-xmlrpc 2026-06-01 01:10:24 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.6 Telecommunications Update Service

Via RHSA-2026:22132 https://access.redhat.com/errata/RHSA-2026:22132
Comment 15 errata-xmlrpc 2026-06-01 01:25:16 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On

Via RHSA-2026:22135 https://access.redhat.com/errata/RHSA-2026:22135
Comment 16 errata-xmlrpc 2026-06-01 01:52:49 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.6 Telecommunications Update Service

Via RHSA-2026:22134 https://access.redhat.com/errata/RHSA-2026:22134
Comment 18 errata-xmlrpc 2026-06-03 21:56:13 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions

Via RHSA-2026:22987 https://access.redhat.com/errata/RHSA-2026:22987
Comment 19 errata-xmlrpc 2026-06-03 23:34:19 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions

Via RHSA-2026:22969 https://access.redhat.com/errata/RHSA-2026:22969
Comment 20 errata-xmlrpc 2026-06-04 11:09:04 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.6 Extended Update Support

Via RHSA-2026:22970 https://access.redhat.com/errata/RHSA-2026:22970
Note You need to log in before you can comment on or make changes to this bug.