Executive Summary

[{'type': 'paragraph', 'content': "CVE-2026-30922 is a Denial of Service (DoS) vulnerability in the pyasn1 Python library versions prior to 0.6.3. The vulnerability arises because the library's ASN.1 decoder does not limit the depth of nested ASN.1 structures it processes. An attacker can craft ASN.1 data with thousands of nested SEQUENCE or SET tags using Indefinite Length markers, causing the decoder to recursively call itself excessively."}, {'type': 'paragraph', 'content': 'This uncontrolled recursion leads to a Python RecursionError or out-of-memory condition, crashing the host application or service using pyasn1. The root cause is that key decoder functions recursively invoke decoding callbacks without tracking or limiting recursion depth.'}, {'type': 'paragraph', 'content': 'The issue was fixed in pyasn1 version 0.6.3 by introducing a maximum nesting depth limit of 100. The decoder now tracks the current nesting level and raises a controlled PyAsn1Error if the limit is exceeded, preventing crashes and improving robustness.'}] [1, 2]

Useful 0 Not Useful 0

Impact Analysis

[{'type': 'paragraph', 'content': 'This vulnerability can cause denial of service by crashing the Python interpreter or exhausting system memory when decoding maliciously crafted ASN.1 data with excessive nesting.'}, {'type': 'list_item', 'content': 'Remote attackers can send small payloads with deeply nested ASN.1 structures to crash services or worker threads using pyasn1.'}, {'type': 'list_item', 'content': 'The crash can manifest as a RecursionError or out-of-memory condition, leading to service unavailability.'}, {'type': 'list_item', 'content': 'Services parsing untrusted ASN.1 data such as LDAP, SNMP, Kerberos, or X.509 certificates are particularly vulnerable.'}, {'type': 'list_item', 'content': "Increasing Python's recursion limit can worsen the impact by causing higher memory consumption and potentially crashing the entire server."}] [2, 1]

Useful 0 Not Useful 0

Compliance Impact

I don't know

Useful 0 Not Useful 0

Detection Guidance

This vulnerability can be detected by monitoring for crashes or RecursionErrors in applications using the pyasn1 library when decoding ASN.1 data with deeply nested structures.

A proof-of-concept payload consists of ASN.1 data with thousands of nested SEQUENCE (0x30) or SET (0x31) tags with Indefinite Length (0x80) markers, which can be used to test if the system is vulnerable.

While no specific commands are provided, you can attempt to decode crafted ASN.1 payloads with excessive nesting using the vulnerable pyasn1 version to observe if a RecursionError or out-of-memory condition occurs.

Additionally, monitoring application logs for Python RecursionErrors or crashes related to ASN.1 decoding can help detect exploitation attempts.

Useful 0 Not Useful 0

Mitigation Strategies

The immediate mitigation step is to upgrade the pyasn1 library to version 0.6.3 or later, which includes a fix that enforces a maximum ASN.1 nesting depth of 100 during decoding.

This fix prevents uncontrolled recursion by raising a controlled PyAsn1Error when the nesting depth limit is exceeded, avoiding interpreter crashes and denial-of-service conditions.

Until the upgrade is applied, consider restricting or validating ASN.1 inputs from untrusted sources to prevent deeply nested payloads from being processed.

Useful 0 Not Useful 0