Home > Vulnerability Database > CVE-2024-3651

Mend.io Vulnerability Database

CVE-2024-3651

Good to know:

Date: July 7, 2024

A vulnerability was identified in the kjd/idna library, specifically within the "idna.encode()" function, affecting version 3.6. The issue arises from the function's handling of crafted input strings, which can lead to quadratic complexity and consequently, a denial of service condition. This vulnerability is triggered by a crafted input that causes the "idna.encode()" function to process the input with considerable computational load, significantly increasing the processing time in a quadratic manner relative to the input size.

Language: Python

Severity Score

7.5

Related Resources (18)

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F2S5E23N6E52S46KGNYTDFB75LOC4N4D

Url: https://github.com/kjd/idna

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S5IDLLD2IKSIVRBSLB34WTSYGLMWUFWF/

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULSC7HBJKXB3BZV367WM5BR6DFEC4Z43/

Url: https://lists.debian.org/debian-lts-announce/2024/05/msg00006.html

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4YQUPYH3SVZ5GFF2CDQ55FCM575AZTF2/

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-3651

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4YQUPYH3SVZ5GFF2CDQ55FCM575AZTF2

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULSC7HBJKXB3BZV367WM5BR6DFEC4Z43

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S5IDLLD2IKSIVRBSLB34WTSYGLMWUFWF

Url: https://huntr.com/bounties/93d78d07-d791-4b39-a845-cbfabc44aadb

Url: https://security.alpinelinux.org/vuln/CVE-2024-3651

Url: https://github.com/kjd/idna/security/advisories/GHSA-jjg7-2v4v-x38h

Url: https://security-tracker.debian.org/tracker/CVE-2024-3651

Url: https://github.com/kjd/idna/commit/1d365e17e10d72d0b7876316fc7b9ca0eebdd38d

Url: https://github.com/pypa/advisory-database/tree/main/vulns/idna/PYSEC-2024-60.yaml

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F2S5E23N6E52S46KGNYTDFB75LOC4N4D/

Url: https://www.mend.io/vulnerability-database/CVE-2024-3651

Severity Score

7.5

Weakness Type (CWE)

Uncontrolled Resource Consumption

CWE-400

Inefficient Regular Expression Complexity

CWE-1333

Top Fix

Upgrade Version

Upgrade to version idna - 3.7;idna - 3.7

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2024-3651

Good to know:

Date: July 7, 2024

Language: Python

Severity Score

Related Resources (18)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?