Lucene search
K

12 matches found

RedHat Linux
RedHat Linux
added yesterday4 views

golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing

A flaw was found in golang.org/x/net/idna. ToASCII and ToUnicode incorrectly accept Punycode-encoded labels that decode to an ASCII-only hostname for example, xn--example-.com returns example.com instead of an error. Applications that validate the ASCII form then convert to Unicode may grant acce...

9.6CVSS7AI score0.00478EPSS
Exploits0References8
Ubuntu
Ubuntu
added 2026/06/09 6:1 p.m.20 views

USN-8416-1: Go Networking vulnerability

It was discovered that Go Networking incorrectly handled certain Punycode-encoded labels in the idna package. An attacker could possibly use this issue to bypass hostname-based access restrictions...

9.6CVSS5.5AI score0.00478EPSS
Exploits0
OSV
OSV
added 2026/06/05 11:16 p.m.6 views

DEBIAN-CVE-2026-45409

Internationalized Domain Names in Applications IDNA for Python provides support for Internationalized Domain Names in Applications IDNA and Unicode IDNA Compatibility Processing. In versions prior to 3.15, payloads such as "\u0660" N or "\u30fb" N + "\u6f22" utilize the validcontexto function pri...

5.3CVSS6.3AI score0.00408EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/05/19 2:34 p.m.12 views

Internationalized Domain Names in Applications (IDNA): Specially crafted inputs to idna.encode() can bypass CVE-2024-3651 fix

This is the same issue as CVE-2024-3651, however the original remediation in 2024 was not a complete fix. Payloads such as "\u0660" N or "\u30fb" N + "\u6f22" utilize the validcontexto function prior to length rejection, and for high values of N will take a long time to process. Impact A speciall...

6.9CVSS6.7AI score0.00408EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/05/07 12:12 a.m.11 views

GHSA-CM33-6792-R9FM Netty has a DNS Codec Input Validation Bypass (Encoder + Decoder)

Security Vulnerability Report: DNS Codec Input Validation Bypass in Netty Encoder + Decoder 1. Vulnerability Summary | Field | Value | |-------|-------| | Product | Netty | | Version | 4.2.12.Final and all prior versions with codec-dns | | Component | io.netty.handler.codec.dns.DnsCodecUtil | |...

7.5CVSS5.8AI score0.00818EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2024/10/23 11:27 a.m.8 views

python-idna: potential DoS via resource consumption via specially crafted inputs to idna.encode()

A flaw was found in the python-idna library. A malicious argument was sent to the idna.encode function can trigger an uncontrolled resource consumption, resulting in a denial of service...

7.5CVSS6.8AI score0.01386EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2024/06/10 6:41 p.m.3 views

python-idna: potential DoS via resource consumption via specially crafted inputs to idna.encode()

A flaw was found in the python-idna library. A malicious argument was sent to the idna.encode function can trigger an uncontrolled resource consumption, resulting in a denial of service...

7.5CVSS6.8AI score0.01386EPSS
Exploits1References4
BDU FSTEC
BDU FSTEC
added 2024/05/30 12:0 a.m.6 views

The vulnerability of the idna.encode() function in internationalized domain names in applications allows a violator to trigger a service denial.

The vulnerability of the idna.encode function in internationalized domain names in applications is related to uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to cause service failures...

6.8CVSS6.7AI score0.01386EPSS
Exploits1References16Affected Software8
Vulnrichment
Vulnrichment
added 2022/12/23 12:0 a.m.3 views

CVE-2022-43551

A vulnerability exists in curl 7.87.0 HSTS check that could be bypassed to trick it to keep using HTTP. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. However, the HSTS mechanism could be bypasse...

5.6AI score0.1654EPSS
Exploits1References4
curl security advisories
curl security advisories
added 2022/12/21 8:0 a.m.7 views

Another HSTS bypass via IDN

curl's HSTS check could be bypassed to trick it to keep using HTTP. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. The HSTS mechanism could be bypassed if the hostname in the given URL first uses...

7.5CVSS6.6AI score0.1654EPSS
Exploits1References1Affected Software2
BDU FSTEC
BDU FSTEC
added 2021/07/02 12:0 a.m.5 views

The vulnerability of DHCP clients for UNIX-based command-line tools like BusyBox, related to integer overflows in value manipulation, allows attackers to trigger a service failure.

The vulnerability of DHCP clients that use UNIX command-line utilities with BusyBox is related to integer overflows. Exploiting this vulnerability allows an attacker to cause a service failure by using a modified domain name with the RFC1035 encoding...

7.5CVSS6.6AI score0.08055EPSS
Exploits4References8Affected Software3
OSV
OSV
added 2014/07/01 10:17 a.m.4 views

UBUNTU-CVE-2014-1345

WebKit in Apple iOS before 7.1.2 and Apple Safari before 6.1.5 and 7.x before 7.0.5 does not properly encode domain names in URLs, which allows remote attackers to spoof the address bar via a crafted web site...

4.3CVSS5.8AI score0.01721EPSS
Exploits0References6
Rows per page
Query Builder