Vulnerability-Lookup

FKIE_CVE-2026-23490

Vulnerability from fkie_nvd - Published: 2026-01-16 19:16 - Updated: 2026-06-17 10:21

Severity

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.2, a Denial-of-Service issue has been found that leads to memory exhaustion from malformed RELATIVE-OID with excessive continuation octets. This vulnerability is fixed in 0.6.2.

References

URL	Tags
security-advisories@github.com	https://github.com/pyasn1/pyasn1/commit/3908f144229eed4df24bd569d16e5991ace44970	Patch
security-advisories@github.com	https://github.com/pyasn1/pyasn1/releases/tag/v0.6.2	Product, Release Notes
security-advisories@github.com	https://github.com/pyasn1/pyasn1/security/advisories/GHSA-63vm-454h-vhhq	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2026/02/msg00002.html	Vendor Advisory

Impacted products

	Vendor	Product	Version
	pyasn1	pyasn1	*
	debian	debian_linux	11.0

JSON

To clipboard

{
  "affected": [
    {
      "affectedData": [
        {
          "product": "pyasn1",
          "vendor": "pyasn1",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 0.6.2"
            }
          ]
        }
      ],
      "source": "security-advisories@github.com"
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:pyasn1:pyasn1:*:*:*:*:*:python:*:*",
              "matchCriteriaId": "C70B68D3-480C-4132-84A7-CF1C31714EB2",
              "versionEndExcluding": "0.6.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.2, a Denial-of-Service issue has been found that leads to memory exhaustion from malformed RELATIVE-OID with excessive continuation octets. This vulnerability is fixed in 0.6.2."
    },
    {
      "lang": "es",
      "value": "pyasn1 es una librer\u00eda ASN.1 gen\u00e9rica para Python. Antes de la versi\u00f3n 0.6.2, se ha encontrado un problema de denegaci\u00f3n de servicio que provoca el agotamiento de la memoria debido a un RELATIVE-OID malformado con octetos de continuaci\u00f3n excesivos. Esta vulnerabilidad est\u00e1 corregida en la versi\u00f3n 0.6.2."
    }
  ],
  "id": "CVE-2026-23490",
  "lastModified": "2026-06-17T10:21:40.940",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ],
    "ssvcV203": [
      {
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "ssvcData": {
          "id": "CVE-2026-23490",
          "options": [
            {
              "exploitation": "poc"
            },
            {
              "automatable": "yes"
            },
            {
              "technicalImpact": "partial"
            }
          ],
          "role": "CISA Coordinator",
          "timestamp": "2026-01-16T19:23:28.531270Z",
          "version": "2.0.3"
        }
      }
    ]
  },
  "published": "2026-01-16T19:16:19.117",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/pyasn1/pyasn1/commit/3908f144229eed4df24bd569d16e5991ace44970"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Product",
        "Release Notes"
      ],
      "url": "https://github.com/pyasn1/pyasn1/releases/tag/v0.6.2"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://github.com/pyasn1/pyasn1/security/advisories/GHSA-63vm-454h-vhhq"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2026/02/msg00002.html"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-770"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    }
  ]
}

CVE-2026-23490 (GCVE-0-2026-23490)

Vulnerability from cvelistv5 – Published: 2026-01-16 19:03 – Updated: 2026-06-30 03:16

Title

pyasn1 has a DoS vulnerability in decoder

Summary

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

SSVC

Exploitation: poc Automatable: yes Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-770 - Allocation of Resources Without Limits or Throttling

Assigner

GitHub_M

References

55 references

URL	Tags
https://github.com/pyasn1/pyasn1/security/advisor…	x_refsource_CONFIRM
https://github.com/pyasn1/pyasn1/commit/3908f1442…	x_refsource_MISC
https://github.com/pyasn1/pyasn1/releases/tag/v0.6.2	x_refsource_MISC
https://lists.debian.org/debian-lts-announce/2026…
https://access.redhat.com/security/cve/CVE-2026-23490	vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2430472	issue-trackingx_refsource_REDHAT
https://security.access.redhat.com/data/csaf/v2/v…	x_sadp-csaf-vex
https://access.redhat.com/errata/RHSA-2026:4148	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:2758	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:3959	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:13512	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:28042	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:3958	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:13508	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:17595	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:17446	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:2309	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:4138	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:1905	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:3354	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:1906	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:4146	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:4145	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:2483	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:4147	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:2486	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:4144	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:2221	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:4139	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:2303	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:4140	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:2300	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:4142	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:2302	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:4143	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:2299	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:4141	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:1903	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:3359	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:1904	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:2712	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:2453	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:2460	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:30088	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:13553	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:13545	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:24866	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:5606	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:17611	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:24977	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19712	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:14020	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:24476	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:24483	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:4943	vendor-advisoryx_refsource_REDHAT

Impacted products

70 products

Vendor	Product	Version
pyasn1	pyasn1	Affected: < 0.6.2
Red Hat	Red Hat Enterprise Linux Server (v. 7 ELS)	cpe:/o:redhat:rhel_els:7
Red Hat	Red Hat Enterprise Linux Server HighAvailability (v. 7 ELS)	cpe:/o:redhat:enterprise_linux:7::server
Red Hat	Red Hat Enterprise Linux Server ResilientStorage (v. 7 ELS)	cpe:/o:redhat:enterprise_linux:7::server
Red Hat	Red Hat Enterprise Linux Server for SAP ELS (v. 7)	cpe:/a:redhat:rhel_extras_sap_els:7
Red Hat	Red Hat Enterprise Linux Server for SAPHANA ELS (v. 7)	cpe:/a:redhat:rhel_extras_sap_hana_els:7
Red Hat	Red Hat Ansible Automation Platform 2.5 for RHEL 8	cpe:/a:redhat:ansible_automation_platform:2.5::el8 cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8 cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
Red Hat	Red Hat OpenStack Platform 17.1	cpe:/a:redhat:openstack:17.1::el8
Red Hat	Red Hat Ansible Automation Platform 2.5 for RHEL 9	cpe:/a:redhat:ansible_automation_platform:2.5::el9 cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9 cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
Red Hat	Red Hat Ansible Automation Platform 2.6 for RHEL 9	cpe:/a:redhat:ansible_automation_platform:2.6::el9 cpe:/a:redhat:ansible_automation_platform_developer:2.6::el9 cpe:/a:redhat:ansible_automation_platform_inside:2.6::el9
Red Hat	Ironic content for Red Hat OpenShift Container Platform 4.17	cpe:/a:redhat:openshift_ironic:4.17::el9
Red Hat	Ironic content for Red Hat OpenShift Container Platform 4.18	cpe:/a:redhat:openshift_ironic:4.18::el9
Red Hat	Red Hat Enterprise Linux AppStream EUS (v. 10.0)	cpe:/o:redhat:enterprise_linux_eus:10.0
Red Hat	Red Hat Enterprise Linux AppStream (v. 10)	cpe:/o:redhat:enterprise_linux:10.1
Red Hat	Red Hat Enterprise Linux AppStream (v. 8)	cpe:/a:redhat:enterprise_linux:8::appstream
Red Hat	Red Hat Enterprise Linux AppStream AUS (v. 8.2)	cpe:/a:redhat:rhel_aus:8.2::appstream
Red Hat	Red Hat Enterprise Linux AppStream AUS (v.8.4)	cpe:/a:redhat:rhel_aus:8.4::appstream
Red Hat	Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)	cpe:/a:redhat:rhel_eus_long_life:8.4::appstream
Red Hat	Red Hat Enterprise Linux AppStream AUS (v.8.6)	cpe:/a:redhat:rhel_aus:8.6::appstream
Red Hat	Red Hat Enterprise Linux AppStream E4S (v.8.6)	cpe:/a:redhat:rhel_e4s:8.6::appstream
Red Hat	Red Hat Enterprise Linux AppStream TUS (v.8.6)	cpe:/a:redhat:rhel_tus:8.6::appstream
Red Hat	Red Hat Enterprise Linux AppStream E4S (v.8.8)	cpe:/a:redhat:rhel_e4s:8.8::appstream
Red Hat	Red Hat Enterprise Linux AppStream TUS (v.8.8)	cpe:/a:redhat:rhel_tus:8.8::appstream
Red Hat	Red Hat Enterprise Linux AppStream E4S (v.9.0)	cpe:/a:redhat:rhel_e4s:9.0::appstream
Red Hat	Red Hat Enterprise Linux AppStream E4S (v.9.2)	cpe:/a:redhat:rhel_e4s:9.2::appstream
Red Hat	Red Hat Enterprise Linux AppStream EUS (v.9.4)	cpe:/a:redhat:rhel_eus:9.4::appstream
Red Hat	Red Hat Enterprise Linux AppStream EUS (v.9.6)	cpe:/a:redhat:rhel_eus:9.6::appstream
Red Hat	Red Hat Enterprise Linux AppStream (v. 9)	cpe:/a:redhat:enterprise_linux:9::appstream
Red Hat	Red Hat Enterprise Linux HighAvailability (v. 8)	cpe:/a:redhat:enterprise_linux:8::highavailability
Red Hat	Red Hat Enterprise Linux High Availability AUS (v.8.4)	cpe:/a:redhat:rhel_aus:8.4::highavailability
Red Hat	Red Hat Enterprise Linux HighAvailability EUS EXTENSION (v.8.4)	cpe:/a:redhat:rhel_eus_long_life:8.4::highavailability
Red Hat	Red Hat Enterprise Linux High Availability E4S (v.8.6)	cpe:/a:redhat:rhel_e4s:8.6::highavailability
Red Hat	Red Hat Enterprise Linux High Availability TUS (v.8.6)	cpe:/a:redhat:rhel_tus:8.6::highavailability
Red Hat	Red Hat Enterprise Linux High Availability E4S (v.8.8)	cpe:/a:redhat:rhel_e4s:8.8::highavailability
Red Hat	Red Hat Enterprise Linux High Availability TUS (v.8.8)	cpe:/a:redhat:rhel_tus:8.8::highavailability
Red Hat	Red Hat Enterprise Linux High Availability E4S (v.9.0)	cpe:/a:redhat:rhel_e4s:9.0::highavailability
Red Hat	Red Hat Enterprise Linux High Availability E4S (v.9.2)	cpe:/a:redhat:rhel_e4s:9.2::highavailability
Red Hat	Red Hat Enterprise Linux High Availability EUS (v.9.4)	cpe:/a:redhat:rhel_eus:9.4::highavailability
Red Hat	Red Hat AI Inference Server 3.3	cpe:/a:redhat:ai_inference_server:3.3::el9
Red Hat	Red Hat Ansible Automation Platform 2.5	cpe:/a:redhat:ansible_automation_platform:2.5::el8
Red Hat	Red Hat Ansible Automation Platform 2.6	cpe:/a:redhat:ansible_automation_platform:2.6::el9
Red Hat	Red Hat Ceph Storage 8	cpe:/a:redhat:ceph_storage:8::el9
Red Hat	Red Hat Enterprise Linux AI 3.3	cpe:/a:redhat:enterprise_linux_ai:3.3::el9
Red Hat	Red Hat OpenShift AI 2.25	cpe:/a:redhat:openshift_ai:2.25::el9
Red Hat	Red Hat OpenShift AI 3.3	cpe:/a:redhat:openshift_ai:3.3::el9
Red Hat	Red Hat OpenStack 1.5	cpe:/a:redhat:stf:1.5::el9
Red Hat	Red Hat Trusted Artifact Signer 1.3	cpe:/a:redhat:trusted_artifact_signer:1.3::el9
Red Hat	Red Hat Trusted Artifact Signer 1.4	cpe:/a:redhat:trusted_artifact_signer:1.4::el9
Red Hat	Red Hat Update Infrastructure 5	cpe:/a:redhat:rhui:5::el9
Red Hat	Red Hat Enterprise Linux ResilientStorage (v. 8)	cpe:/a:redhat:enterprise_linux:8::resilientstorage
Red Hat	Red Hat Enterprise Linux ResilientStorage E4S (v.9.0)	cpe:/a:redhat:rhel_e4s:9.0::resilientstorage
Red Hat	Red Hat Enterprise Linux Resilient Storage E4S (v.9.2)	cpe:/a:redhat:rhel_e4s:9.2::resilientstorage
Red Hat	Red Hat Enterprise Linux Resilient Storage EUS (v.9.4)	cpe:/a:redhat:rhel_eus:9.4::resilientstorage
Red Hat	Lightspeed Core	cpe:/a:redhat:lightspeed_core
Red Hat	Migration Toolkit for Containers	cpe:/a:redhat:rhmt:1
Red Hat	Migration Toolkit for Virtualization	cpe:/a:redhat:migration_toolkit_virtualization:2
Red Hat	OpenShift Lightspeed	cpe:/a:redhat:openshift_lightspeed
Red Hat	Red Hat AI Inference Server	cpe:/a:redhat:ai_inference_server:3
Red Hat	Red Hat Ansible Automation Platform 2	cpe:/a:redhat:ansible_automation_platform:2
Red Hat	Red Hat OpenShift AI (RHOAI)	cpe:/a:redhat:openshift_ai
Red Hat	Red Hat OpenShift Container Platform 4	cpe:/a:redhat:openshift:4
Red Hat	Red Hat OpenStack Platform 16.2	cpe:/a:redhat:openstack:16.2
Red Hat	Red Hat OpenStack Platform 18.0	cpe:/a:redhat:openstack:18.0
Red Hat	Red Hat Quay 3	cpe:/a:redhat:quay:3
Red Hat	Red Hat Satellite 6	cpe:/a:redhat:satellite:6
Red Hat	Red Hat Ansible Automation Platform 2.6 for RHEL 10	cpe:/a:redhat:ansible_automation_platform:2.6::el10 cpe:/a:redhat:ansible_automation_platform_developer:2.6::el10
Red Hat	Red Hat OpenShift Container Platform 4.17	cpe:/a:redhat:openshift:4.17::el8 cpe:/a:redhat:openshift:4.17::el9
Red Hat	Red Hat OpenShift Container Platform 4.18	cpe:/a:redhat:openshift:4.18::el8
Red Hat	OpenShift Service Mesh 3	cpe:/a:redhat:service_mesh:3
Red Hat	Red Hat Enterprise Linux 6	cpe:/o:redhat:enterprise_linux:6

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-23490",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-16T19:23:28.531270Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-16T19:23:51.965Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2026-02-01T17:06:14.113Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2026/02/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:/o:redhat:rhel_els:7"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux Server (v. 7 ELS)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/o:redhat:enterprise_linux:7::server"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux Server HighAvailability (v. 7 ELS)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/o:redhat:enterprise_linux:7::server"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux Server ResilientStorage (v. 7 ELS)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_extras_sap_els:7"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux Server for SAP ELS (v. 7)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_extras_sap_hana_els:7"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux Server for SAPHANA ELS (v. 7)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
              "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
              "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openstack:17.1::el8"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat OpenStack Platform 17.1",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
              "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
              "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:ansible_automation_platform:2.6::el9",
              "cpe:/a:redhat:ansible_automation_platform_developer:2.6::el9",
              "cpe:/a:redhat:ansible_automation_platform_inside:2.6::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Ansible Automation Platform 2.6 for RHEL 9",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift_ironic:4.17::el9"
            ],
            "defaultStatus": "affected",
            "product": "Ironic content for Red Hat OpenShift Container Platform 4.17",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift_ironic:4.18::el9"
            ],
            "defaultStatus": "affected",
            "product": "Ironic content for Red Hat OpenShift Container Platform 4.18",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/o:redhat:enterprise_linux_eus:10.0"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/o:redhat:enterprise_linux:10.1"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream (v. 10)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:enterprise_linux:8::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream (v. 8)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_aus:8.2::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_aus:8.4::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream AUS (v.8.4)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_eus_long_life:8.4::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_aus:8.6::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream AUS (v.8.6)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_e4s:8.6::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream E4S (v.8.6)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_tus:8.6::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream TUS (v.8.6)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_e4s:8.8::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream E4S (v.8.8)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_tus:8.8::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream TUS (v.8.8)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_e4s:9.0::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream E4S (v.9.0)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_e4s:9.2::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream E4S (v.9.2)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_eus:9.4::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream EUS (v.9.4)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_eus:9.6::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream EUS (v.9.6)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:enterprise_linux:9::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream (v. 9)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:enterprise_linux:8::highavailability"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux HighAvailability (v. 8)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_aus:8.4::highavailability"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux High Availability AUS (v.8.4)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_eus_long_life:8.4::highavailability"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux HighAvailability EUS EXTENSION (v.8.4)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_e4s:8.6::highavailability"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux High Availability E4S (v.8.6)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_tus:8.6::highavailability"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux High Availability TUS (v.8.6)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_e4s:8.8::highavailability"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux High Availability E4S (v.8.8)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_tus:8.8::highavailability"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux High Availability TUS (v.8.8)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_e4s:9.0::highavailability"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux High Availability E4S (v.9.0)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_e4s:9.2::highavailability"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux High Availability E4S (v.9.2)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_eus:9.4::highavailability"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux High Availability EUS (v.9.4)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:ai_inference_server:3.3::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat AI Inference Server 3.3",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Ansible Automation Platform 2.5",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:ansible_automation_platform:2.6::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Ansible Automation Platform 2.6",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:ceph_storage:8::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Ceph Storage 8",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:enterprise_linux_ai:3.3::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AI 3.3",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift_ai:2.25::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat OpenShift AI 2.25",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift_ai:3.3::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat OpenShift AI 3.3",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:stf:1.5::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat OpenStack 1.5",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:trusted_artifact_signer:1.3::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Trusted Artifact Signer 1.3",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:trusted_artifact_signer:1.4::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Trusted Artifact Signer 1.4",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhui:5::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Update Infrastructure 5",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:enterprise_linux:8::resilientstorage"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux ResilientStorage (v. 8)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_e4s:9.0::resilientstorage"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux ResilientStorage E4S (v.9.0)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_e4s:9.2::resilientstorage"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux Resilient Storage E4S (v.9.2)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_eus:9.4::resilientstorage"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux Resilient Storage EUS (v.9.4)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:lightspeed_core"
            ],
            "defaultStatus": "affected",
            "product": "Lightspeed Core",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhmt:1"
            ],
            "defaultStatus": "affected",
            "product": "Migration Toolkit for Containers",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:migration_toolkit_virtualization:2"
            ],
            "defaultStatus": "affected",
            "product": "Migration Toolkit for Virtualization",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift_lightspeed"
            ],
            "defaultStatus": "affected",
            "product": "OpenShift Lightspeed",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:ai_inference_server:3"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat AI Inference Server",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:ansible_automation_platform:2"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Ansible Automation Platform 2",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift_ai"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat OpenShift AI (RHOAI)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift:4"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat OpenShift Container Platform 4",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openstack:16.2"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat OpenStack Platform 16.2",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openstack:18.0"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat OpenStack Platform 18.0",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:quay:3"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Quay 3",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:satellite:6"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Satellite 6",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:ansible_automation_platform:2.6::el10",
              "cpe:/a:redhat:ansible_automation_platform_developer:2.6::el10"
            ],
            "defaultStatus": "unaffected",
            "product": "Red Hat Ansible Automation Platform 2.6 for RHEL 10",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift:4.17::el8",
              "cpe:/a:redhat:openshift:4.17::el9"
            ],
            "defaultStatus": "unaffected",
            "product": "Red Hat OpenShift Container Platform 4.17",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift:4.18::el8"
            ],
            "defaultStatus": "unaffected",
            "product": "Red Hat OpenShift Container Platform 4.18",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:service_mesh:3"
            ],
            "defaultStatus": "unaffected",
            "product": "OpenShift Service Mesh 3",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/o:redhat:enterprise_linux:6"
            ],
            "defaultStatus": "unaffected",
            "product": "Red Hat Enterprise Linux 6",
            "vendor": "Red Hat"
          }
        ],
        "datePublic": "2026-01-16T19:03:36.442Z",
        "descriptions": [
          {
            "lang": "en",
            "value": "A flaw was found in pyasn1, a generic ASN.1 library for Python. A remote attacker could exploit this vulnerability by sending a specially crafted RELATIVE-OID with excessive continuation octets. This input validation vulnerability leads to memory exhaustion, resulting in a Denial of Service (DoS) for the affected system."
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "namespace": "https://access.redhat.com/security/updates/classification/",
                "value": "Important"
              },
              "type": "Red Hat severity rating"
            }
          },
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            },
            "format": "CVSS"
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-770",
                "description": "Allocation of Resources Without Limits or Throttling",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-30T03:16:28.646Z",
          "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
          "shortName": "redhat-SADP"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2026-23490"
          },
          {
            "name": "RHBZ#2430472",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430472"
          },
          {
            "tags": [
              "x_sadp-csaf-vex"
            ],
            "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-23490.json"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:4148"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:2758"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:3959"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:13512"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:28042"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:3958"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:13508"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:17595"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:17446"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:2309"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:4138"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:1905"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:3354"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:1906"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:4146"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:4145"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:2483"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:4147"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:2486"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:4144"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:2221"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:4139"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:2303"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:4140"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:2300"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:4142"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:2302"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:4143"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:2299"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:4141"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:1903"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:3359"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:1904"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:2712"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:2453"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:2460"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:30088"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:13553"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:13545"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:24866"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:5606"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:17611"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:24977"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19712"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:14020"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:24476"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:24483"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:4943"
          }
        ],
        "solutions": [
          {
            "lang": "en",
            "value": "RHSA-2026:4148: Red Hat Enterprise Linux Server (v. 7 ELS)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:2758: Red Hat Enterprise Linux Server HighAvailability (v. 7 ELS), Red Hat Enterprise Linux Server ResilientStorage (v. 7 ELS), Red Hat Enterprise Linux Server for SAP ELS (v. 7), Red Hat Enterprise Linux Server for SAPHANA ELS (v. 7)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:3959: Red Hat Ansible Automation Platform 2.5 for RHEL 8, Red Hat Ansible Automation Platform 2.5 for RHEL 9"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:13512: Red Hat Ansible Automation Platform 2.5 for RHEL 8, Red Hat Ansible Automation Platform 2.5 for RHEL 9"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:28042: Red Hat OpenStack Platform 17.1"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:3958: Red Hat Ansible Automation Platform 2.6 for RHEL 9"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:13508: Red Hat Ansible Automation Platform 2.6 for RHEL 9"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:17595: Ironic content for Red Hat OpenShift Container Platform 4.17"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:17446: Ironic content for Red Hat OpenShift Container Platform 4.18"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:2309: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:4138: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:1905: Red Hat Enterprise Linux AppStream (v. 10)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:3354: Red Hat Enterprise Linux AppStream (v. 10)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:1906: Red Hat Enterprise Linux AppStream (v. 8), Red Hat Enterprise Linux HighAvailability (v. 8), Red Hat Enterprise Linux ResilientStorage (v. 8)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:4146: Red Hat Enterprise Linux AppStream (v. 8)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:4145: Red Hat Enterprise Linux AppStream AUS (v. 8.2)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:2483: Red Hat Enterprise Linux AppStream AUS (v.8.4), Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4), Red Hat Enterprise Linux High Availability AUS (v.8.4), Red Hat Enterprise Linux HighAvailability EUS EXTENSION (v.8.4)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:4147: Red Hat Enterprise Linux AppStream AUS (v.8.4), Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:2486: Red Hat Enterprise Linux AppStream AUS (v.8.6), Red Hat Enterprise Linux AppStream E4S (v.8.6), Red Hat Enterprise Linux AppStream TUS (v.8.6), Red Hat Enterprise Linux High Availability E4S (v.8.6), Red Hat Enterprise Linux High Availability TUS (v.8.6)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:4144: Red Hat Enterprise Linux AppStream AUS (v.8.6), Red Hat Enterprise Linux AppStream E4S (v.8.6), Red Hat Enterprise Linux AppStream TUS (v.8.6)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:2221: Red Hat Enterprise Linux AppStream E4S (v.8.8), Red Hat Enterprise Linux AppStream TUS (v.8.8), Red Hat Enterprise Linux High Availability E4S (v.8.8), Red Hat Enterprise Linux High Availability TUS (v.8.8)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:4139: Red Hat Enterprise Linux AppStream E4S (v.8.8), Red Hat Enterprise Linux AppStream TUS (v.8.8)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:2303: Red Hat Enterprise Linux AppStream E4S (v.9.0), Red Hat Enterprise Linux High Availability E4S (v.9.0), Red Hat Enterprise Linux ResilientStorage E4S (v.9.0)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:4140: Red Hat Enterprise Linux AppStream E4S (v.9.0)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:2300: Red Hat Enterprise Linux AppStream E4S (v.9.2), Red Hat Enterprise Linux High Availability E4S (v.9.2), Red Hat Enterprise Linux Resilient Storage E4S (v.9.2)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:4142: Red Hat Enterprise Linux AppStream E4S (v.9.2)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:2302: Red Hat Enterprise Linux AppStream EUS (v.9.4), Red Hat Enterprise Linux High Availability EUS (v.9.4), Red Hat Enterprise Linux Resilient Storage EUS (v.9.4)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:4143: Red Hat Enterprise Linux AppStream EUS (v.9.4)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:2299: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:4141: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:1903: Red Hat Enterprise Linux AppStream (v. 9)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:3359: Red Hat Enterprise Linux AppStream (v. 9)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:1904: Red Hat Enterprise Linux HighAvailability (v. 8), Red Hat Enterprise Linux ResilientStorage (v. 8)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:2712: Red Hat Enterprise Linux High Availability AUS (v.8.4), Red Hat Enterprise Linux HighAvailability EUS EXTENSION (v.8.4)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:2453: Red Hat Enterprise Linux High Availability E4S (v.8.6), Red Hat Enterprise Linux High Availability TUS (v.8.6)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:2460: Red Hat Enterprise Linux High Availability E4S (v.8.8), Red Hat Enterprise Linux High Availability TUS (v.8.8)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:30088: Red Hat AI Inference Server 3.3"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:13553: Red Hat Ansible Automation Platform 2.5"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:13545: Red Hat Ansible Automation Platform 2.6"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:24866: Red Hat Ansible Automation Platform 2.6"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:5606: Red Hat Ceph Storage 8"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:17611: Red Hat Enterprise Linux AI 3.3"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:24977: Red Hat OpenShift AI 2.25"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19712: Red Hat OpenShift AI 3.3"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:14020: Red Hat OpenStack 1.5"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:24476: Red Hat Trusted Artifact Signer 1.3"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:24483: Red Hat Trusted Artifact Signer 1.4"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:4943: Red Hat Update Infrastructure 5"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2026-01-16T20:03:33.790Z",
            "value": "Reported to Red Hat."
          },
          {
            "lang": "en",
            "time": "2026-01-16T19:03:36.442Z",
            "value": "Made public."
          }
        ],
        "title": "pyasn1: pyasn1: Denial of Service due to memory exhaustion from malformed RELATIVE-OID",
        "x_adpType": "supplier",
        "x_generator": {
          "engine": "sadp-cli 1.0.0"
        }
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "pyasn1",
          "vendor": "pyasn1",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 0.6.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.2, a Denial-of-Service issue has been found that leads to memory exhaustion from malformed RELATIVE-OID with excessive continuation octets. This vulnerability is fixed in 0.6.2."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-770",
              "description": "CWE-770: Allocation of Resources Without Limits or Throttling",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-16T19:03:36.442Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/pyasn1/pyasn1/security/advisories/GHSA-63vm-454h-vhhq",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/pyasn1/pyasn1/security/advisories/GHSA-63vm-454h-vhhq"
        },
        {
          "name": "https://github.com/pyasn1/pyasn1/commit/3908f144229eed4df24bd569d16e5991ace44970",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/pyasn1/pyasn1/commit/3908f144229eed4df24bd569d16e5991ace44970"
        },
        {
          "name": "https://github.com/pyasn1/pyasn1/releases/tag/v0.6.2",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/pyasn1/pyasn1/releases/tag/v0.6.2"
        }
      ],
      "source": {
        "advisory": "GHSA-63vm-454h-vhhq",
        "discovery": "UNKNOWN"
      },
      "title": "pyasn1 has a DoS vulnerability in decoder"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-23490",
    "datePublished": "2026-01-16T19:03:36.442Z",
    "dateReserved": "2026-01-13T15:47:41.628Z",
    "dateUpdated": "2026-06-30T03:16:28.646Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

FKIE_CVE-2026-23490

CVE-2026-23490 (GCVE-0-2026-23490)

Tags

Sightings

Nomenclature