CVE-2024-3651 — Regex Denial of Service in Idna
Severity
7.5HIGHNVD
OSV6.1
EPSS
0.7%
top 28.63%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJul 7
Latest updateSep 23
Description
A vulnerability was identified in the kjd/idna library, specifically within the `idna.encode()` function, affecting version 3.6. The issue arises from the function's handling of crafted input strings, which can lead to quadratic complexity and consequently, a denial of service condition. This vulnerability is triggered by a crafted input that causes the `idna.encode()` function to process the input with considerable computational load, significantly increasing the processing time in a quadratic …
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6
Affected Packages19 packages
Patches
🔴Vulnerability Details
4OSV▶
CVE-2024-3651: A vulnerability was identified in the kjd/idna library, specifically within the `idna↗2024-07-07
GHSA▶
Internationalized Domain Names in Applications (IDNA) vulnerable to denial of service from specially crafted inputs to idna.encode↗2024-04-11
OSV▶
Internationalized Domain Names in Applications (IDNA) vulnerable to denial of service from specially crafted inputs to idna.encode↗2024-04-11