PT-2023-7994 · Django+5

Mprogrammer · Published 2023-09-04 · Updated 2026-01-03 · CVE-2023-41164

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions

Django versions 3.2 through 3.2.20
Django versions 4.1 through 4.1.10
Django versions 4.2 through 4.2.4

Description

The issue is in the django.utils.encoding.uri_to_iri() component of the Django web application framework, which is vulnerable to a potential denial of service (DoS) due to incorrect input validation. A remote attacker can trigger the denial of service via certain inputs containing a very large number of Unicode characters.

Recommendations

For Django versions 3.2 through 3.2.20, update to version 3.2.21 or later. For Django versions 4.1 through 4.1.10, update to version 4.1.11 or later. For Django versions 4.2 through 4.2.4, update to version 4.2.5 or later. As a temporary workaround, consider restricting the input passed to uri_to_iri() so that it cannot contain large amounts of Unicode characters.
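As an added example (not from the advisory or the Django project), the following guard implements the temporary workaround: it caps the raw length of the input and the number of non-ASCII code points plus percent-encoded octets before the value reaches uri_to_iri(), since the function decodes %XX escapes into bytes it must then repair. The limits MAX_LENGTH and MAX_UNICODE_WEIGHT, and the urllib unquote() stand-in used when Django is not installed, are assumptions made for this example.

```python
import re

# Assumed limits for illustration; tune them to what the application legitimately needs.
MAX_LENGTH = 2048         # cap on total characters in the raw URI
MAX_UNICODE_WEIGHT = 128  # cap on non-ASCII code points plus percent-encoded octets

_PCT_OCTET = re.compile(r"%[0-9A-Fa-f]{2}")


class UnsafeURIInput(ValueError):
    """Raised when a URI exceeds the size guard and must not reach uri_to_iri()."""


def unicode_weight(value: str) -> int:
    """Count what uri_to_iri() will have to decode: raw non-ASCII characters
    plus %XX escapes (each escape becomes one byte of possibly broken UTF-8)."""
    non_ascii = sum(1 for ch in value if ord(ch) > 0x7F)
    return non_ascii + len(_PCT_OCTET.findall(value))


def check_uri_input(value: str, max_length: int = MAX_LENGTH,
                    max_weight: int = MAX_UNICODE_WEIGHT) -> str:
    """Return value unchanged if it is within limits, else raise UnsafeURIInput."""
    if len(value) > max_length:
        raise UnsafeURIInput(f"URI length {len(value)} exceeds {max_length}")
    weight = unicode_weight(value)
    if weight > max_weight:
        raise UnsafeURIInput(f"URI carries {weight} Unicode/escaped units, limit {max_weight}")
    return value


def is_within_limits(value: str, **limits: int) -> bool:
    """Boolean form of check_uri_input(), convenient for request validation."""
    try:
        check_uri_input(value, **limits)
    except UnsafeURIInput:
        return False
    return True


def _fallback_uri_to_iri(value: str) -> str:
    # Stand-in so the example runs without Django installed; NOT Django's implementation.
    from urllib.parse import unquote
    return unquote(value)


try:  # Use the real function when Django is available.
    from django.utils.encoding import uri_to_iri as _uri_to_iri
except ImportError:
    _uri_to_iri = _fallback_uri_to_iri


def guarded_uri_to_iri(value: str, **limits: int) -> str:
    """Apply the size guard first, then convert; nothing is decoded before the check."""
    return _uri_to_iri(check_uri_input(value, **limits))
```

Apply the guard at the boundary where untrusted URIs enter (view arguments, form fields, redirect targets) so oversized input is rejected before any decoding work is done.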

Tags: Fix · DoS · Resource Exhaustion
Related Identifiers

ALT-PU-2023-6171
ALT-PU-2023-6172
ALT-PU-2023-6239
BDU:2023-09108
BIT-DJANGO-2023-41164
CVE-2023-41164
DLA-3558-1
DLA-4210-1
GHSA-7H4P-27MH-HMRW
OESA-2023-1661
OPENSUSE-SU-2024:13198-1
OPENSUSE-SU-2024:14208-1
OPENSUSE-SU-2026:10005-1
PYSEC-2023-225
RHSA-2023:5208
RHSA-2023:5701
RHSA-2023:5758
RHSA-2024:1878
RHSA-2024:2010
SUSE-SU-2023:3533-1
SUSE-SU-2023:3580-1
USN-6378-1
USN-6414-2

Affected Products

Alt Linux
Astra Linux
Debian
Django
Linuxmint
Ubuntu