UBUNTU-CVE-2026-30922

See a problem?
Please try reporting it to the source first.
Source
https://ubuntu.com/security/CVE-2026-30922
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-30922.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2026-30922
Upstream
Downstream
Related
Published
2026-03-18T04:17:00Z
Modified
2026-03-31T18:14:22.339620Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
  • Ubuntu - medium
Summary
[none]
Details

pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.3, the pyasn1 library is vulnerable to a Denial of Service (DoS) attack caused by uncontrolled recursion when decoding ASN.1 data with deeply nested structures. An attacker can supply a crafted payload containing thousands of nested SEQUENCE (0x30) or SET (0x31) tags with "Indefinite Length" (0x80) markers. This forces the decoder to recursively call itself until the Python interpreter crashes with a RecursionError or consumes all available memory (OOM), crashing the host application. This is a distinct vulnerability from CVE-2026-23490 (which addressed integer overflows in OID decoding). The fix for CVE-2026-23490 (MAX_OID_ARC_CONTINUATION_OCTETS) does not mitigate this recursion issue. Version 0.6.3 fixes this specific issue.

References

Affected packages

Ubuntu:22.04:LTS
pyasn1

Package

Name
pyasn1
Purl
pkg:deb/ubuntu/pyasn1@0.4.8-1ubuntu0.2?arch=source&distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.4.8-1ubuntu0.2

Affected versions

0.*
0.4.8-1
0.4.8-1ubuntu0.1

Ecosystem specific 

{
    "binaries": [
        {
            "binary_name": "pypy-pyasn1",
            "binary_version": "0.4.8-1ubuntu0.2"
        },
        {
            "binary_name": "python3-pyasn1",
            "binary_version": "0.4.8-1ubuntu0.2"
        }
    ],
    "availability": "No subscription required"
}

Database specific

source 
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-30922.json"
Ubuntu:24.04:LTS
pyasn1

Package

Name
pyasn1
Purl
pkg:deb/ubuntu/pyasn1@0.4.8-4ubuntu0.2?arch=source&distro=noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.4.8-4ubuntu0.2

Affected versions

0.*
0.4.8-4
0.4.8-4ubuntu0.1

Ecosystem specific 

{
    "binaries": [
        {
            "binary_name": "python3-pyasn1",
            "binary_version": "0.4.8-4ubuntu0.2"
        }
    ],
    "availability": "No subscription required"
}

Database specific

source 
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-30922.json"
Ubuntu:25.10
pyasn1

Package

Name
pyasn1
Purl
pkg:deb/ubuntu/pyasn1@0.6.1-1ubuntu0.2?arch=source&distro=questing

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.6.1-1ubuntu0.2

Affected versions

0.*
0.6.1-1
0.6.1-1ubuntu0.1

Ecosystem specific 

{
    "binaries": [
        {
            "binary_name": "python3-pyasn1",
            "binary_version": "0.6.1-1ubuntu0.2"
        }
    ],
    "availability": "No subscription required"
}

Database specific

source 
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-30922.json"
Ubuntu:Pro:14.04:LTS
pyasn1

Package

Name
pyasn1
Purl
pkg:deb/ubuntu/pyasn1@0.1.7-1ubuntu2.1+esm1?arch=source&distro=esm-infra-legacy/trusty

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.1.7-1ubuntu2.1+esm1

Affected versions

0.*
0.1.4-0ubuntu1
0.1.7-1ubuntu1
0.1.7-1ubuntu2
0.1.7-1ubuntu2.1

Ecosystem specific 

{
    "binaries": [
        {
            "binary_name": "python-pyasn1",
            "binary_version": "0.1.7-1ubuntu2.1+esm1"
        },
        {
            "binary_name": "python3-pyasn1",
            "binary_version": "0.1.7-1ubuntu2.1+esm1"
        }
    ],
    "availability": "Available with Ubuntu Pro with Legacy support add-on: https://ubuntu.com/pro"
}

Database specific

source 
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-30922.json"
Ubuntu:Pro:16.04:LTS
pyasn1

Package

Name
pyasn1
Purl
pkg:deb/ubuntu/pyasn1@0.1.9-1ubuntu0.1~esm1?arch=source&distro=esm-infra/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.1.9-1ubuntu0.1~esm1

Affected versions

0.*
0.1.8-2
0.1.9-1

Ecosystem specific 

{
    "binaries": [
        {
            "binary_name": "pypy-pyasn1",
            "binary_version": "0.1.9-1ubuntu0.1~esm1"
        },
        {
            "binary_name": "python-pyasn1",
            "binary_version": "0.1.9-1ubuntu0.1~esm1"
        },
        {
            "binary_name": "python3-pyasn1",
            "binary_version": "0.1.9-1ubuntu0.1~esm1"
        }
    ],
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro"
}

Database specific

source 
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-30922.json"
Ubuntu:Pro:18.04:LTS
pyasn1

Package

Name
pyasn1
Purl
pkg:deb/ubuntu/pyasn1@0.4.2-3ubuntu0.18.04.1~esm1?arch=source&distro=esm-infra/bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.4.2-3ubuntu0.18.04.1~esm1

Affected versions

0.*
0.1.9-2
0.4.2-3

Ecosystem specific 

{
    "binaries": [
        {
            "binary_name": "pypy-pyasn1",
            "binary_version": "0.4.2-3ubuntu0.18.04.1~esm1"
        },
        {
            "binary_name": "python-pyasn1",
            "binary_version": "0.4.2-3ubuntu0.18.04.1~esm1"
        },
        {
            "binary_name": "python3-pyasn1",
            "binary_version": "0.4.2-3ubuntu0.18.04.1~esm1"
        }
    ],
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro"
}

Database specific

source 
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-30922.json"
Ubuntu:Pro:20.04:LTS
pyasn1

Package

Name
pyasn1
Purl
pkg:deb/ubuntu/pyasn1@0.4.2-3ubuntu0.20.04.1~esm1?arch=source&distro=esm-infra/focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.4.2-3ubuntu0.20.04.1~esm1

Affected versions

0.*
0.4.2-3
0.4.2-3build1

Ecosystem specific 

{
    "binaries": [
        {
            "binary_name": "pypy-pyasn1",
            "binary_version": "0.4.2-3ubuntu0.20.04.1~esm1"
        },
        {
            "binary_name": "python-pyasn1",
            "binary_version": "0.4.2-3ubuntu0.20.04.1~esm1"
        },
        {
            "binary_name": "python3-pyasn1",
            "binary_version": "0.4.2-3ubuntu0.20.04.1~esm1"
        }
    ],
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro"
}

Database specific

source 
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-30922.json"