| Package | pyasn1 |
|---|---|
| Version | 0.1.9-2+deb9u2 (stretch), 0.4.2-3+deb10u2 (buster) |
| Related CVEs | CVE-2026-30922 |

pyasn1 is vulnerable to a Denial of Service (DoS) attack caused by uncontrolled
recursion when decoding ASN.1 data with deeply nested structures. This vulnerability
can force the decoder to recursively call itself until the Python interpreter
crashes with a RecursionError or consumes all available memory, crashing the host
application.

For Debian 10 buster, these problems have been fixed in version 0.4.2-3+deb10u2.
For Debian 9 stretch, these problems have been fixed in version 0.1.9-2+deb9u2.

We recommend that you upgrade your pyasn1 packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.
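
A pre-decode guard for the nesting problem described above, as an added example that is not part of this advisory or of pyasn1's code: it measures BER/DER nesting depth with an explicit stack, so over-nested input can be rejected before a recursive decoder sees it. The names `ber_nesting_depth`, `NestingTooDeep` and `SAMPLE`, and the limit of 32, are assumptions made for illustration.

```python
class NestingTooDeep(ValueError):
    """Input nests constructed types deeper than the caller allows."""


def ber_nesting_depth(data: bytes, limit: int = 32) -> int:  # 32 is an assumed ceiling
    """Deepest constructed-type nesting in BER/DER data, found without recursion."""
    pos, deepest = 0, 0
    ends = []  # end offset per open container; None = indefinite length
    while pos < len(data):
        if ends and ends[-1] is None and data[pos:pos + 2] == b"\x00\x00":
            ends.pop()                      # end-of-contents octets
            pos += 2
        else:
            first = data[pos]
            pos += 1
            if first & 0x1F == 0x1F:        # high-tag-number form
                while pos < len(data) and data[pos] & 0x80:
                    pos += 1
                pos += 1
            if pos >= len(data):
                raise ValueError("truncated TLV header")
            length = data[pos]
            pos += 1
            end = None                      # 0x80 means indefinite length
            if length != 0x80:
                if length & 0x80:           # long form: next N bytes hold length
                    count = length & 0x7F
                    length = int.from_bytes(data[pos:pos + count], "big")
                    pos += count
                end = pos + length
                if end > len(data):
                    raise ValueError("length runs past end of input")
            if first & 0x20:                # constructed: contents are TLVs
                ends.append(end)
                if len(ends) > limit:
                    raise NestingTooDeep(f"nesting exceeds {limit}")
                deepest = max(deepest, len(ends))
            elif end is None:
                raise ValueError("primitive value with indefinite length")
            else:
                pos = end                   # primitive: skip the contents
        while ends and ends[-1] is not None and pos >= ends[-1]:
            ends.pop()                      # definite-length containers closing
    return deepest


SAMPLE = bytes.fromhex("30053003020105")  # constructed: SEQUENCE { SEQUENCE { INTEGER 5 } }
```

Call it on untrusted bytes before handing them to the decoder; it checks depth only and is not a full BER validator.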