Improper Handling of Length Parameter Inconsistency

CVE-2024-39614

High

8.7/10

Summary

An issue was discovered in Django versions prior to 4.2.14, 5.0.x prior to 5.0.7, 5.1a1, and 5.1b1. The "get_supported_language_variant()" was subject to a potential Denial-of-Service attack when used with very long strings containing specific characters.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: HIGH

CWE-130 - Improper Handling of Length Parameter Inconsistency

The software parses a formatted message or structure, but it does not handle or incorrectly handles a length field that is inconsistent with the actual length of the associated data.

References

Advisory
Advisory

Advisory Timeline

Published Jul 10, 2024

Improper Handling of Length Parameter Inconsistency

CVE-2024-39614

Summary

CWE-130 - Improper Handling of Length Parameter Inconsistency

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS