Kjd/Idna Library Vulnerability Affects Version 3.6, Leading to Denial of Service
CVE-2024-3651
7.5 HIGH
What is CVE-2024-3651?
A vulnerability has been identified in the kjd/idna library, affecting the idna.encode() function in version 3.6. The function handles specially crafted input strings inadequately, which can lead to significant computational overhead: processing such input exhibits quadratic complexity, resulting in a potential denial of service. An attacker can supply maliciously designed input that substantially prolongs processing time and consumes the system's resources.
Affected Version(s)
kjd/idna < 3.7
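A defensive pre-flight check for the issue described above, as an added example that is not code from the advisory or from the kjd/idna project: it flags idna releases below 3.7 and bounds input length before idna.encode() is called. The names is_affected and bounded_encode, and the 253-character cap (the DNS limit for a full name), are assumptions of this example.

```python
import re
from importlib import metadata

FIXED_VERSION = (3, 7)    # from the advisory: kjd/idna < 3.7 is affected
MAX_DOMAIN_CHARS = 253    # assumption: cap input at the DNS full-name limit


def parse_version(text):
    """Return the leading numeric release components of a version string."""
    match = re.match(r"\s*(\d+(?:\.\d+)*)", text)
    if not match:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(part) for part in match.group(1).split("."))


def is_affected(version_text):
    """True when the given idna version predates the fixed release."""
    return parse_version(version_text) < FIXED_VERSION


def installed_idna_affected():
    """Check the idna distribution installed in this environment, if any."""
    try:
        return is_affected(metadata.version("idna"))
    except metadata.PackageNotFoundError:
        return None  # idna is not installed here


def bounded_encode(domain, encoder, max_chars=MAX_DOMAIN_CHARS):
    """Reject over-long input before it reaches the encoder.

    `encoder` is the callable to protect, e.g. idna.encode. Bounding the
    length bounds the work even when processing is quadratic in input size.
    """
    if not isinstance(domain, str):
        raise TypeError("domain must be str")
    if len(domain) > max_chars:
        raise ValueError(f"domain is {len(domain)} chars, limit is {max_chars}")
    return encoder(domain)


if __name__ == "__main__":
    status = installed_idna_affected()
    print("idna not installed" if status is None
          else f"installed idna affected: {status}")
```

The length check is a stopgap for services that cannot upgrade immediately; upgrading to a release outside the affected range removes the need for it.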
CVSS V3.1
Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
CVSS V3.0
Score: 6.2
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
