CVE-2023-41164Improper Validation of Specified Quantity in Input in Django

CWE-1284Improper Validation of Specified Quantity in InputCWE-400Uncontrolled Resource Consumption10 documents7 sources
Severity
7.5HIGHNVD
EPSS
0.4%
top 38.89%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Djangoproject DjangoFedoraproject Fedora
Timeline
PublishedNov 3

Description

In Django 3.2 before 3.2.21, 4.1 before 4.1.11, and 4.2 before 4.2.5, django.utils.encoding.uri_to_iri() is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

NVDdjangoproject/django3.23.2.21+2
PyPIdjangoproject/django3.23.2.21+2

Also affects: Fedora 39

🔴Vulnerability Details

5
GHSA
Django Denial of service vulnerability in django.utils.encoding.uri_to_iri2023-11-03
CVEList
CVE-2023-41164: In Django 32023-11-03
OSV
CVE-2023-41164: In Django 32023-11-03
OSV
Django Denial of service vulnerability in django.utils.encoding.uri_to_iri2023-11-03
OSV
python-django vulnerabilities2023-10-04

📋Vendor Advisories

4
Ubuntu
Django vulnerabilities2023-10-04
Ubuntu
Django vulnerability2023-09-18
Red Hat
python-django: Potential denial of service vulnerability in ``django.utils.encoding.uri_to_iri()``2023-09-04
Debian
CVE-2023-41164: python-django - In Django 3.2 before 3.2.21, 4.1 before 4.1.11, and 4.2 before 4.2.5, django.uti...2023
CVE-2023-41164 — Djangoproject Django vulnerability | cvebase