CVE-2019-1284Improper Validation of Specified Quantity in Input in Django

CWE-1284Improper Validation of Specified Quantity in InputCWE-400Uncontrolled Resource ConsumptionCWE-125Out-of-bounds ReadCWE-122Heap-based Buffer Overflow7 documents6 sources
Severity
7.8HIGHNVD
GHSA7.5
EPSS
0.3%
top 49.18%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
11
Djangoproject DjangoMicrosoft WindowsMicrosoft Windows Server+8 more
Timeline
PublishedSep 11
Latest updateMar 21

Description

An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka 'DirectX Elevation of Privilege Vulnerability'.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages11 packages

PyPIdjangoproject/django3.2a13.2.22+2
CVEListV5microsoft/windows7 for 32-bit Systems Service Pack 1, 7 for x64-based Systems Service Pack 1+1
CVEListV5microsoft/windows_server8 versions+7

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

2
GHSA
Django Denial-of-service in django.utils.text.Truncator2023-11-03
GHSA
GHSA-jmjc-rh8r-gw8j: An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka 'DirectX Elevation of Privilege Vulnerability'2022-05-24

📋Vendor Advisories

3
Red Hat
Pidgin: Pidgin: Denial of Service via excessively long username2026-03-21
Red Hat
libarchive: heap-based buffer overflow in archive_read_support_format_lha.c due to insufficient validation of UTF-16 input2019-11-26
Microsoft
DirectX Elevation of Privilege Vulnerability2019-09-10

💬Community

1
Bugzilla
CVE-2019-20509 libarchive: heap-based buffer overflow in archive_read_support_format_lha.c due to insufficient validation of UTF-16 input2020-03-11
CVE-2019-1284 — Djangoproject Django vulnerability | cvebase