CVE-2024-3651

CVSS V2 None CVSS V3 None

Description

A vulnerability was identified in the kjd/idna library, specifically within the `idna.encode()` function, affecting version 3.6. The issue arises from the function's handling of crafted input strings, which can lead to quadratic complexity and consequently, a denial of service condition. This vulnerability is triggered by a crafted input that causes the `idna.encode()` function to process the input with considerable computational load, significantly increasing the processing time in a quadratic manner relative to the input size.

Overview

CVE ID
CVE-2024-3651

Assigner
@huntr_ai

Vulnerability Status
PUBLISHED

Published Version
2024-07-07T17:22:10.032Z

Last Modified Date
2024-07-07T19:07:50.996Z

Weakness Enumerations

CWE	URL
CWE-400	http://cwe.mitre.org/data/definitions/400.html

References

Reference URL	Reference Tags
https://huntr.com/bounties/93d78d07-d791-4b39-a845-cbfabc44aadb
https://github.com/kjd/idna/commit/1d365e17e10d72d0b7876316fc7b9ca0eebdd38d

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2024-3651
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3651

History

Created	Old Value	New Value	Data Type	Notes
2024-07-08 13:02:26				Added to TrackCVE