CVE-2026-59884 - High Severity Vulnerability
Vulnerable Library - pyasn1-0.4.8-py2.py3-none-any.whl
ASN.1 types and codecs
Library home page: https://files.pythonhosted.org/packages/62/1e/a94a8d635fa3ce4cfc7f506003548d0a2447ae76fd5ca53932970fe3053f/pyasn1-0.4.8-py2.py3-none-any.whl
Dependency Hierarchy:
- darts-0.13.1-py3-none-any.whl (Root Library)
- tensorboard-2.8.0-py3-none-any.whl
- google_auth-2.6.2-py2.py3-none-any.whl
- pyasn1_modules-0.2.8-py2.py3-none-any.whl
- ❌ pyasn1-0.4.8-py2.py3-none-any.whl (Vulnerable Library)
Found in base branch: main
Vulnerability Details
pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.4, the BER decoder shared by the CER and DER codecs parses long-form tags by accumulating continuation octets without an upper bound on the tag ID size, allowing a crafted input to force construction of an arbitrarily large integer with CPU cost growing quadratically and to trigger unhandled ValueError exceptions in Python 3.11+ error formatting paths. Any application decoding untrusted BER, CER, or DER input is affected. This issue is fixed in version 0.6.4.
Publish Date: 2026-07-14
URL: CVE-2026-59884
CVSS 3 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
For more information on CVSS3 Scores, click here.
Suggested Fix
Type: Upgrade version
Origin: GHSA-m4p7-r5rc-7g4j
Release Date: 2026-07-14
Fix Resolution (pyasn1): 0.6.4
Direct dependency fix Resolution (darts): 0.14.0
Step up your Open Source Security Game with Mend here
CVE-2026-59884 - High Severity Vulnerability
ASN.1 types and codecs
Library home page: https://files.pythonhosted.org/packages/62/1e/a94a8d635fa3ce4cfc7f506003548d0a2447ae76fd5ca53932970fe3053f/pyasn1-0.4.8-py2.py3-none-any.whl
Dependency Hierarchy:
Found in base branch: main
pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.4, the BER decoder shared by the CER and DER codecs parses long-form tags by accumulating continuation octets without an upper bound on the tag ID size, allowing a crafted input to force construction of an arbitrarily large integer with CPU cost growing quadratically and to trigger unhandled ValueError exceptions in Python 3.11+ error formatting paths. Any application decoding untrusted BER, CER, or DER input is affected. This issue is fixed in version 0.6.4.
Publish Date: 2026-07-14
URL: CVE-2026-59884
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
For more information on CVSS3 Scores, click here.Type: Upgrade version
Origin: GHSA-m4p7-r5rc-7g4j
Release Date: 2026-07-14
Fix Resolution (pyasn1): 0.6.4
Direct dependency fix Resolution (darts): 0.14.0
Step up your Open Source Security Game with Mend here