Bug 2448553 (CVE-2026-30922) - CVE-2026-30922 pyasn1: pyasn1 Vulnerable to Denial of Service via Unbounded Recursion
Summary: CVE-2026-30922 pyasn1: pyasn1 Vulnerable to Denial of Service via Unbounded R...
Keywords:
Status: NEW
Alias: CVE-2026-30922
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2026-03-18 04:04 UTC by OSIDB Bzimport
Modified: 2026-05-13 15:22 UTC (History)
86 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2026:12176 0 None None None 2026-04-30 10:05:47 UTC
Red Hat Product Errata RHSA-2026:13508 0 None None None 2026-05-04 13:59:05 UTC
Red Hat Product Errata RHSA-2026:13512 0 None None None 2026-05-04 14:16:05 UTC
Red Hat Product Errata RHSA-2026:13902 0 None None None 2026-05-06 04:31:34 UTC
Red Hat Product Errata RHSA-2026:13916 0 None None None 2026-05-06 06:33:31 UTC
Red Hat Product Errata RHSA-2026:13917 0 None None None 2026-05-06 06:43:31 UTC
Red Hat Product Errata RHSA-2026:17083 0 None None None 2026-05-13 15:22:25 UTC

Description OSIDB Bzimport 2026-03-18 04:04:41 UTC 
pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.3, the `pyasn1` library is vulnerable to a Denial of Service (DoS) attack caused by uncontrolled recursion when decoding ASN.1 data with deeply nested structures. An attacker can supply a crafted payload containing thousands of nested `SEQUENCE` (`0x30`) or `SET` (`0x31`) tags with "Indefinite Length" (`0x80`) markers. This forces the decoder to recursively call itself until the Python interpreter crashes with a `RecursionError` or consumes all available memory (OOM), crashing the host application. This is a distinct vulnerability from CVE-2026-23490 (which addressed integer overflows in OID decoding). The fix for CVE-2026-23490 (`MAX_OID_ARC_CONTINUATION_OCTETS`) does not mitigate this recursion issue. Version 0.6.3 fixes this specific issue.
Comment 2 errata-xmlrpc 2026-04-30 10:05:41 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2026:12176 https://access.redhat.com/errata/RHSA-2026:12176
Comment 3 errata-xmlrpc 2026-05-04 13:58:59 UTC 
This issue has been addressed in the following products:

  Red Hat Ansible Automation Platform 2.6 for RHEL 10
  Red Hat Ansible Automation Platform 2.6 for RHEL 9

Via RHSA-2026:13508 https://access.redhat.com/errata/RHSA-2026:13508
Comment 4 errata-xmlrpc 2026-05-04 14:16:00 UTC 
This issue has been addressed in the following products:

  Red Hat Ansible Automation Platform 2.5 for RHEL 9
  Red Hat Ansible Automation Platform 2.5 for RHEL 8

Via RHSA-2026:13512 https://access.redhat.com/errata/RHSA-2026:13512
Comment 5 errata-xmlrpc 2026-05-06 04:31:29 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2026:13902 https://access.redhat.com/errata/RHSA-2026:13902
Comment 6 errata-xmlrpc 2026-05-06 06:33:26 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2026:13916 https://access.redhat.com/errata/RHSA-2026:13916
Comment 7 errata-xmlrpc 2026-05-06 06:43:25 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2026:13917 https://access.redhat.com/errata/RHSA-2026:13917
Comment 8 errata-xmlrpc 2026-05-13 15:22:20 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10.0 Extended Update Support

Via RHSA-2026:17083 https://access.redhat.com/errata/RHSA-2026:17083
Note You need to log in before you can comment on or make changes to this bug.