| Package | pyasn1 |
|---|---|
| Version | 0.1.9-2+deb9u1 (stretch), 0.4.2-3+deb10u1 (buster) |
| Related CVEs | CVE-2026-23490 |
It was discovered that pyasn1, a generic ASN.1 library for Python, is prone to a denial of service vulnerability, which may result in memory exhaustion from malformed OID/RELATIVE-OID with excessive continuation octets.
For Debian 10 buster, these problems have been fixed in version 0.4.2-3+deb10u1.
For Debian 9 stretch, these problems have been fixed in version 0.1.9-2+deb9u1.
We recommend that you upgrade your pyasn1 packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.