We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2024-3651

Denial of Service via Quadratic Complexity in kjd/idna



Description

A vulnerability was identified in the kjd/idna library, specifically within the `idna.encode()` function, affecting version 3.6. The issue arises from the function's handling of crafted input strings, which can lead to quadratic complexity and consequently, a denial of service condition. This vulnerability is triggered by a crafted input that causes the `idna.encode()` function to process the input with considerable computational load, significantly increasing the processing time in a quadratic manner relative to the input size.

Reserved 2024-04-10 | Published 2024-07-07 | Updated 2024-08-01 | Assigner @huntr_ai


MEDIUM: 6.2CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Problem types

CWE-400 Uncontrolled Resource Consumption

Product status

Any version before 3.7
affected

References

huntr.com/bounties/93d78d07-d791-4b39-a845-cbfabc44aadb

github.com/...ommit/1d365e17e10d72d0b7876316fc7b9ca0eebdd38d

cve.org (CVE-2024-3651)

nvd.nist.gov (CVE-2024-3651)

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2024-3651

Support options

Helpdesk Chat, Email, Knowledgebase
© Copyright 2025 THREATINT
Made in Cyprus with +
 System status
Find us on
Data Privacy
Terms of Use
Logo BSI Allianz für Cyber-Sicherheit
Error loading Crisp.chat. Please check your web content filter and browser plugins.
MonTueWedThuFriSatSun
242526272812345678910111213141516171819202122232425262728293031123456
MonTueWedThuFriSatSun
242526272812345678910111213141516171819202122232425262728293031123456