From 78697518910bd318c7fc2492abb7c6773db8e8b1 Mon Sep 17 00:00:00 2001
From: cad-safe-bot
Date: Sun, 7 Jul 2024 20:03:18 +0000
Subject: [PATCH] Auto-Update: 2024-07-07T20:00:24.258887+00:00
---
 CVE-2024/CVE-2024-36xx/CVE-2024-3651.json | 60 +++++++++++++++++++++++
 README.md | 8 +--
 _state.csv | 3 +-
 3 files changed, 66 insertions(+), 5 deletions(-)
 create mode 100644 CVE-2024/CVE-2024-36xx/CVE-2024-3651.json
diff --git a/CVE-2024/CVE-2024-36xx/CVE-2024-3651.json b/CVE-2024/CVE-2024-36xx/CVE-2024-3651.json
new file mode 100644
index 00000000000..495c171132a
--- /dev/null
+++ b/CVE-2024/CVE-2024-36xx/CVE-2024-3651.json
@@ -0,0 +1,60 @@
+{
+ "id": "CVE-2024-3651",
+ "sourceIdentifier": "security@huntr.dev",
+ "published": "2024-07-07T18:15:09.827",
+ "lastModified": "2024-07-07T18:15:09.827",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A vulnerability was identified in the kjd/idna library, specifically within the `idna.encode()` function, affecting version 3.6. The issue arises from the function's handling of crafted input strings, which can lead to quadratic complexity and consequently, a denial of service condition. This vulnerability is triggered by a crafted input that causes the `idna.encode()` function to process the input with considerable computational load, significantly increasing the processing time in a quadratic manner relative to the input size."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV30": [
+ {
+ "source": "security@huntr.dev",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.2,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.5,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@huntr.dev",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-400"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/kjd/idna/commit/1d365e17e10d72d0b7876316fc7b9ca0eebdd38d",
+ "source": "security@huntr.dev"
+ },
+ {
+ "url": "https://huntr.com/bounties/93d78d07-d791-4b39-a845-cbfabc44aadb",
+ "source": "security@huntr.dev"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/README.md b/README.md
index fc6903818e8..34caeda9c0d 100644
--- a/README.md
+++ b/README.md
@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-07-07T18:00:42.520950+00:00 +2024-07-07T20:00:24.258887+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-07-07T16:15:02.013000+00:00 +2024-07-07T18:15:09.827000+00:00 ``` ### Last Data Feed Release @@ -33,14 +33,14 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -255978 +255979 ``` ### CVEs added in the last Commit Recently added CVEs: `1` -- [CVE-2024-6229](CVE-2024/CVE-2024-62xx/CVE-2024-6229.json) (`2024-07-07T16:15:02.013`) +- [CVE-2024-3651](CVE-2024/CVE-2024-36xx/CVE-2024-3651.json) (`2024-07-07T18:15:09.827`) ### CVEs modified in the last Commit diff --git a/_state.csv b/_state.csv index d8fd5825966..89d9adec072 100644 --- a/_state.csv +++ b/_state.csv @@ -253082,6 +253082,7 @@ CVE-2024-36500,0,0,257fd399a14a7141c50c9e2046f94aaac781c0de172f7af5b46d8dab39ba2 CVE-2024-36501,0,0,31cf8d7c71722235c9f044b51d6c28f28965439d43fd3f0fcf21214d656b125f,2024-06-17T12:42:04.623000 CVE-2024-36502,0,0,af0ea55ba6dbd08cf23c5f8732d2aeb0cf79fdfab13bdf5e07cadc44342549d0,2024-06-17T12:42:04.623000 CVE-2024-36503,0,0,3aef981902bcd0cfa43896ed1ada7c9ec64d59690838f1ba35c268bf26e5218a,2024-06-17T12:42:04.623000 +CVE-2024-3651,1,1,be30455c34a2654395eb4a44c80e2f772b86721c620f12a6b7595d8d6eb72c8b,2024-07-07T18:15:09.827000 CVE-2024-3652,0,0,455dabb71414a7592172807b25da69c5818ecc78456d9f87c63904d4c0988a33,2024-05-01T17:15:37.793000 CVE-2024-36523,0,0,779ff20f3e54c54b68fa38cf8a73a6874fca821f18024ef38fb974b398395dd0,2024-06-13T18:36:09.010000 CVE-2024-36527,0,0,5a4da781a91464af6910d804126691f30125cf5f5ae9e52379cc70e43ae0f627,2024-07-03T02:03:14.827000 
@@ -255866,7 +255867,7 @@ CVE-2024-6216,0,0,163aaa10da8fbd3f1a722ddf5828825abea50c90fd2d9b89c4bf2c73ab93f6
 CVE-2024-6217,0,0,3711ed31aaa9f7586428ac093ba9118453625e92a316540d8e0c90d5655ba292,2024-06-21T11:22:01.687000
 CVE-2024-6218,0,0,080145c08c5ffaf1b0f4fe61601c30772836ccbea26d111bc22bd57681c581e7,2024-06-21T15:15:16.547000
 CVE-2024-6225,0,0,05da1495d7d116987721ea4d8dad783669e833db8afd42c6e9b9d7b36358250e,2024-06-24T19:21:28.450000
-CVE-2024-6229,1,1,f1f054c8daa5ac2c46672d5a0f53c7a9d2a940a35470133039aaba3576e253b3,2024-07-07T16:15:02.013000
+CVE-2024-6229,0,0,f1f054c8daa5ac2c46672d5a0f53c7a9d2a940a35470133039aaba3576e253b3,2024-07-07T16:15:02.013000
 CVE-2024-6238,0,0,01bce4fcd5bf21099e3fa29fb7e34bf0d2a461d152d0ae3d9b913c1fb46d1451,2024-06-25T18:50:42.040000
 CVE-2024-6239,0,0,4d98a21d53ef2e5917897cadc254a12ee654ff1e3575a82a15151981272f61b5,2024-06-24T19:06:27.537000
 CVE-2024-6240,0,0,3ba60659d5977ed2c81ae70dc02c754f9eebbd14309190bebb86d2a019bd47a8,2024-06-24T19:10:38.983000