How severe is CVE-2024-3651?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.2 out of 10.

What type of vulnerability is CVE-2024-3651?

This is classified as CWE-400, which is a common weakness in software security.

CVE-2024-3651 - MEDIUM Severity | CVSS 6.2

Vulnerability Description

A vulnerability was identified in the kjd/idna library, specifically within the `idna.encode()` function, affecting version 3.6. The issue arises from the function's handling of crafted input strings, which can lead to quadratic complexity and consequently, a denial of service condition. This vulnerability is triggered by a crafted input that causes the `idna.encode()` function to process the input with considerable computational load, significantly increasing the processing time in a quadratic manner relative to the input size.

Related Vulnerabilities

CVE-2016-9040

MEDIUM

CVSS:6.2(Medium)

An exploitable denial of service exists in the the Joyent SmartOS OS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFSADDENTRIES wh...

CWE-4002016

CVE-2017-15529

MEDIUM

CVSS:6.2(Medium)

Prior to 4.4.1.10, the Norton Family Android App can be susceptible to a Denial of Service (DoS) exploit. A DoS attack is a type of attack whereby the perpetrator attempts to make a particular device ...

CWE-4002017

CVE-2018-10864

MEDIUM

CVSS:6.2(Medium)

An uncontrolled resource consumption flaw has been discovered in redhat-certification in the way documents are loaded. A remote attacker may provide an existing but invalid XML file which would be ope...

CWE-4002018

CVE-2018-16878

MEDIUM

CVSS:6.2(Medium)

A flaw was found in pacemaker up to and including version 2.0.1. An insufficient verification inflicted preference of uncontrolled processes can lead to DoS

CWE-4002018

CVE-2019-4049

MEDIUM

CVSS:6.2(Medium)

IBM MQ 9.1.0.0, 9.1.0.1, 9.1.1, and 9.1.0.2 is vulnerable to a denial of service due to a local user being able to fill up the disk space of the underlying filesystem using the error logging service. ...

CWE-4002019

CVE-2021-0182

MEDIUM

CVSS:6.2(Medium)

Uncontrolled resource consumption in the Intel(R) HAXM software before version 7.6.6 may allow an unauthenticated user to potentially enable information disclosure via local access.

CWE-4002021