
10 matches found

Ubuntu
added 3 days ago | 4 views

USN-8416-1: Go Networking vulnerability

It was discovered that Go Networking incorrectly handled certain Punycode-encoded labels in the idna package. An attacker could possibly use this issue to bypass hostname-based access restrictions...

9.6 CVSS | 5.5 AI score | 0.0005 EPSS
Exploits: 0
OSV
added last week | 5 views

DEBIAN-CVE-2026-45409

Internationalized Domain Names in Applications (IDNA) for Python provides support for Internationalized Domain Names in Applications (IDNA) and Unicode IDNA Compatibility Processing. In versions prior to 3.15, payloads such as "\u0660" * N or "\u30fb" * N + "\u6f22" utilize the valid_contexto function pri...

6.9 CVSS | 6.3 AI score | 0.00018 EPSS
Exploits: 0 | References: 1
GitHub Security Blog
added 2026/05/19 2:34 p.m. | 10 views

Internationalized Domain Names in Applications (IDNA): Specially crafted inputs to idna.encode() can bypass CVE-2024-3651 fix

This is the same issue as CVE-2024-3651, however the original remediation in 2024 was not a complete fix. Payloads such as "\u0660" * N or "\u30fb" * N + "\u6f22" utilize the valid_contexto function prior to length rejection, and for high values of N will take a long time to process. Impact A speciall...

6.9 CVSS | 6.7 AI score | 0.00018 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
OSV
added 2026/05/07 12:12 a.m. | 4 views

GHSA-CM33-6792-R9FM Netty has a DNS Codec Input Validation Bypass (Encoder + Decoder)

Security Vulnerability Report: DNS Codec Input Validation Bypass in Netty Encoder + Decoder

1. Vulnerability Summary

| Field | Value |
|-------|-------|
| Product | Netty |
| Version | 4.2.12.Final and all prior versions with codec-dns |
| Component | io.netty.handler.codec.dns.DnsCodecUtil |
...

7.5 CVSS | 5.8 AI score | 0.00032 EPSS
Exploits: 1 | References: 5
RedHat Linux
added 2024/10/23 11:27 a.m. | 8 views

python-idna: potential DoS via resource consumption via specially crafted inputs to idna.encode()

A flaw was found in the python-idna library. A malicious argument sent to the idna.encode function can trigger uncontrolled resource consumption, resulting in a denial of service...

7.5 CVSS | 6.8 AI score | 0.00675 EPSS
Exploits: 1 | References: 4
RedHat Linux
added 2024/06/10 6:41 p.m. | 2 views

python-idna: potential DoS via resource consumption via specially crafted inputs to idna.encode()

A flaw was found in the python-idna library. A malicious argument sent to the idna.encode function can trigger uncontrolled resource consumption, resulting in a denial of service...

7.5 CVSS | 6.8 AI score | 0.00675 EPSS
Exploits: 1 | References: 4
BDU FSTEC
added 2024/05/30 12:0 a.m. | 1 views

A vulnerability in the idna.encode() function of Internationalized Domain Names in Applications allows an attacker to cause a denial of service.

The vulnerability in the idna.encode function of Internationalized Domain Names in Applications is related to uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to cause service failures...

6.8 CVSS | 6.7 AI score | 0.00675 EPSS
Exploits: 1 | References: 16 | Affected Software: 8
Vulnrichment
added 2022/12/23 12:0 a.m. | 1 views

CVE-2022-43551

A vulnerability exists in curl 7.87.0 HSTS check that could be bypassed to trick it to keep using HTTP. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. However, the HSTS mechanism could be bypasse...

5.6 AI score | 0.00045 EPSS
Exploits: 1 | References: 4
BDU FSTEC
added 2021/07/02 12:0 a.m. | 1 views

A vulnerability in DHCP clients for UNIX-based command-line tools like BusyBox, related to integer overflows in value manipulation, allows attackers to trigger a service failure.

The vulnerability in DHCP clients that use UNIX command-line utilities with BusyBox is related to integer overflows. Exploiting this vulnerability allows an attacker to cause a service failure by using a modified domain name with the RFC 1035 encoding...

7.5 CVSS | 6.6 AI score | 0.08286 EPSS
Exploits: 4 | References: 8 | Affected Software: 3
OSV
added 2014/07/01 10:17 a.m. | 1 views

UBUNTU-CVE-2014-1345

WebKit in Apple iOS before 7.1.2 and Apple Safari before 6.1.5 and 7.x before 7.0.5 does not properly encode domain names in URLs, which allows remote attackers to spoof the address bar via a crafted web site...

4.3 CVSS | 5.8 AI score | 0.00615 EPSS
Exploits: 0 | References: 6