CVE Vulnerabilities

CVE-2026-30922

Uncontrolled Recursion

Published: Mar 18, 2026 | Modified: Jun 17, 2026
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
RedHat/V2
RedHat/V3
7.5 IMPORTANT
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Ubuntu
MEDIUM
root.io logo minimus.io logo echo.ai logo

pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.3, the pyasn1 library is vulnerable to a Denial of Service (DoS) attack caused by uncontrolled recursion when decoding ASN.1 data with deeply nested structures. An attacker can supply a crafted payload containing thousands of nested SEQUENCE (0x30) or SET (0x31) tags with Indefinite Length (0x80) markers. This forces the decoder to recursively call itself until the Python interpreter crashes with a RecursionError or consumes all available memory (OOM), crashing the host application. This is a distinct vulnerability from CVE-2026-23490 (which addressed integer overflows in OID decoding). The fix for CVE-2026-23490 (MAX_OID_ARC_CONTINUATION_OCTETS) does not mitigate this recursion issue. Version 0.6.3 fixes this specific issue.

Weakness

The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack.

Affected Software

NameVendorStart VersionEnd Version
Pyasn1Pyasn1*0.6.3 (excluding)
Red Hat Ansible Automation Platform 2.5 for RHEL 8RedHatpython3.12-pyasn1-0:0.6.3-1.el8ap*
Red Hat Ansible Automation Platform 2.5 for RHEL 8RedHatautomation-controller-0:4.6.29-2.el8ap*
Red Hat Ansible Automation Platform 2.5 for RHEL 9RedHatpython3.12-pyasn1-0:0.6.3-1.el9ap*
Red Hat Ansible Automation Platform 2.5 for RHEL 9RedHatautomation-controller-0:4.6.29-2.el9ap*
Red Hat Ansible Automation Platform 2.6 for RHEL 9RedHatpython3.12-pyasn1-0:0.6.3-1.el9ap*
Red Hat Ansible Automation Platform 2.6 for RHEL 9RedHatautomation-controller-0:4.7.12-1.el9ap*
Red Hat Enterprise Linux 10RedHatfence-agents-0:4.16.0-13.el10_1.4*
Red Hat Enterprise Linux 10RedHatfence-agents-0:4.16.0-21.el10_2.1*
Red Hat Enterprise Linux 10.0 Extended Update SupportRedHatfence-agents-0:4.16.0-5.el10_0.9*
Red Hat Enterprise Linux 8RedHatfence-agents-0:4.2.1-129.el8_10.25*
Red Hat Enterprise Linux 8RedHatresource-agents-0:4.9.0-54.el8_10.33*
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRedHatfence-agents-0:4.2.1-65.el8_4.28*
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRedHatresource-agents-0:4.1.1-90.el8_4.25*
Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-OnRedHatfence-agents-0:4.2.1-65.el8_4.28*
Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-OnRedHatresource-agents-0:4.1.1-90.el8_4.25*
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update SupportRedHatfence-agents-0:4.2.1-89.el8_6.22*
Red Hat Enterprise Linux 8.6 Telecommunications Update ServiceRedHatfence-agents-0:4.2.1-89.el8_6.22*
Red Hat Enterprise Linux 8.6 Telecommunications Update ServiceRedHatresource-agents-0:4.9.0-16.el8_6.22*
Red Hat Enterprise Linux 8.6 Update Services for SAP SolutionsRedHatfence-agents-0:4.2.1-89.el8_6.22*
Red Hat Enterprise Linux 8.6 Update Services for SAP SolutionsRedHatresource-agents-0:4.9.0-16.el8_6.22*
Red Hat Enterprise Linux 8.8 Telecommunications Update ServiceRedHatfence-agents-0:4.2.1-112.el8_8.17*
Red Hat Enterprise Linux 8.8 Telecommunications Update ServiceRedHatresource-agents-0:4.9.0-40.el8_8.19*
Red Hat Enterprise Linux 8.8 Update Services for SAP SolutionsRedHatfence-agents-0:4.2.1-112.el8_8.17*
Red Hat Enterprise Linux 8.8 Update Services for SAP SolutionsRedHatresource-agents-0:4.9.0-40.el8_8.19*
Red Hat Enterprise Linux 9RedHatfence-agents-0:4.10.0-98.el9_7.13*
Red Hat Enterprise Linux 9RedHatfence-agents-0:4.10.0-110.el9_8.2*
Red Hat Enterprise Linux 9.2 Update Services for SAP SolutionsRedHatfence-agents-0:4.10.0-43.el9_2.22*
Red Hat Enterprise Linux 9.4 Update Services for SAP SolutionsRedHatfence-agents-0:4.10.0-62.el9_4.25*
Red Hat Enterprise Linux 9.6 Extended Update SupportRedHatfence-agents-0:4.10.0-86.el9_6.17*
Red Hat AI Inference Server 3.3RedHatrhaiis/vllm-rocm-rhel9:1778244531*
Red Hat Ansible Automation Platform 2.5RedHatansible-automation-platform-25/ee-supported-rhel8:1777398315*
Red Hat Ansible Automation Platform 2.5RedHatansible-automation-platform-25/lightspeed-rhel8:1777403872*
Red Hat Ansible Automation Platform 2.5RedHatansible-automation-platform-25/platform-resource-runner-rhel8:1777402264*
Red Hat Ansible Automation Platform 2.6RedHatansible-automation-platform-26/eda-controller-rhel9:1777296732*
Red Hat Ansible Automation Platform 2.6RedHatansible-automation-platform-26/gateway-rhel9:1777311120*
Red Hat Ansible Automation Platform 2.6RedHatansible-automation-platform-26/lightspeed-rhel9:1777387242*
Red Hat Ansible Automation Platform 2.6RedHatansible-automation-platform-26/lightspeed-chatbot-rhel9:1774417022*
Red Hat Ansible Automation Platform 2.6RedHatansible-automation-platform-26/lightspeed-chatbot-rhel9:1774417022*
Red Hat Enterprise Linux AI 3.3RedHatrhelai3/bootc-azure-rocm-rhel9:1778677745*
Red Hat Enterprise Linux AI 3.3RedHatrhelai3/bootc-rocm-rhel9:1778666124*
Red Hat OpenShift AI 2.25RedHatrhoai/odh-kserve-storage-initializer-rhel9:1776343111*
Red Hat OpenShift AI 3.3RedHatrhoai/odh-kserve-storage-initializer-rhel9:1778263407*
Red Hat OpenStack 1.5RedHatstf/prometheus-webhook-snmp-rhel9:1777452540*
Red Hat OpenStack 1.5RedHatstf/service-telemetry-rhel9-operator:1777407251*
Red Hat OpenStack 1.5RedHatstf/smart-gateway-rhel9-operator:1777436150*
Red Hat Quay 3.10RedHatquay/quay-rhel8:1775169155*
Red Hat Quay 3.12RedHatquay/quay-rhel8:1775253092*
Red Hat Quay 3.15RedHatquay/quay-rhel8:1775169219*
Red Hat Quay 3.16RedHatquay/quay-rhel9:1779204086*
Red Hat Quay 3.9RedHatquay/quay-rhel8:1775169218*
Red Hat Trusted Artifact Signer 1.4RedHatrhtas/model-transparency-rhel9:1775815407*
Pyasn1Ubuntuesm-infra-legacy/trusty*
Pyasn1Ubuntuesm-infra-legacy/xenial*
Pyasn1Ubuntuesm-infra/bionic*
Pyasn1Ubuntuesm-infra/focal*
Pyasn1Ubuntuesm-infra/xenial*
Pyasn1Ubuntujammy*
Pyasn1Ubuntunoble*
Pyasn1Ubuntuquesting*
Pyasn1Ubuntuupstream*

Potential Mitigations

References