We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2024-3651

Denial of Service via Quadratic Complexity in kjd/idna



Assigner@huntr_ai
Reserved2024-04-10
Published2024-07-07
Updated2024-08-01

Description

A vulnerability was identified in the kjd/idna library, specifically within the `idna.encode()` function, affecting version 3.6. The issue arises from the function's handling of crafted input strings, which can lead to quadratic complexity and consequently, a denial of service condition. This vulnerability is triggered by a crafted input that causes the `idna.encode()` function to process the input with considerable computational load, significantly increasing the processing time in a quadratic manner relative to the input size.



MEDIUM: 6.2CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Problem types

CWE-400 Uncontrolled Resource Consumption

Product status

Any version before 3.7
affected

References

https://huntr.com/bounties/93d78d07-d791-4b39-a845-cbfabc44aadb

https://github.com/kjd/idna/commit/1d365e17e10d72d0b7876316fc7b9ca0eebdd38d

cve.org CVE-2024-3651

nvd.nist.gov CVE-2024-3651

Download JSON

Share this page
https://cve.threatint.com
Subscribe to our newsletter to learn more about our work.