23 matches found
GHSA-65PC-FJ4G-8RJX Internationalized Domain Names in Applications (IDNA): Specially crafted inputs to idna.encode() can bypass CVE-2024-3651 fix
This is the same issue as CVE-2024-3651, however the original remediation in 2024 was not a complete fix. Payloads such as "\u0660" N or "\u30fb" N + "\u6f22" utilize the validcontexto function prior to length rejection, and for high values of N will take a long time to process. Impact A speciall...
PT-2026-41956
Name of the Vulnerable Software and Affected Versions idna versions prior to 3.14 Description A specially crafted argument passed to the idna.encode function can consume significant system resources, potentially leading to a denial-of-service. This occurs because payloads containing specific...
Astra Linux - уязвимость в python-idna
A vulnerability was identified in the kjd/idna library, specifically within the idna.encode function, affecting version 3.6. The issue arises from the function’s handling of crafted input strings, which can lead to quadratic complexity and consequently, a denial of service condition. This...
MiracleLinux 8 : python39:3.9 and python39-devel:3.9 (AXSA:2024-8498:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8498:01 advisory. python39:3.9/python39: python: Path traversal on tempfile.TemporaryDirectory CVE-2023-6597 python39:3.9/python39: python: The zipfile module is...
MiracleLinux 7 : python-idna-2.4-1.0.1.el7.AXS7 (AXSA:2025-11498:01)
The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2025-11498:01 advisory. CVE-2024-3651: more efficient resolution of joiner contexts in idna library to avoid quadratic complexity that leads to a DoS condition CVEs: CVE-2024-3651 ...
Security update for SUSE Manager Salt Bundle
This update fixes the following issues: venv-salt-minion: Security fixes on Python 3.11 interpreter: CVE-2024-7592: Fixed quadratic complexity in parsing -quoted cookie values with backslashes bsc1229873, bsc1230059 CVE-2024-8088: Prevent malformed payload to cause infinite loops in zipfile.Path...
Medium: python3-idna
Issue Overview: python-idna: potential DoS via resource consumption via specially crafted inputs to idna.encode CVE-2024-3651 Affected Packages: python3-idna Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2...
Medium: python-idna
Issue Overview: python-idna: potential DoS via resource consumption via specially crafted inputs to idna.encode CVE-2024-3651 Affected Packages: python-idna Issue Correction: Run dnf update python-idna --releasever 2023.6.20241111 or dnf update --advisory ALAS2023-2024-763 --releasever...
AZL-43210 CVE-2024-3651 affecting package python-pip for versions less than 24.0-2
A vulnerability was identified in the kjd/idna library, specifically within the idna.encode function, affecting version 3.6. The issue arises from the function's handling of crafted input strings, which can lead to quadratic complexity and consequently, a denial of service condition. This...
AZL-59690 CVE-2024-3651 affecting package python3 for versions less than 3.9.19-13
A vulnerability was identified in the kjd/idna library, specifically within the idna.encode function, affecting version 3.6. The issue arises from the function's handling of crafted input strings, which can lead to quadratic complexity and consequently, a denial of service condition. This...
AZL-43201 CVE-2024-3651 affecting package python-idna for versions less than 3.7-1
A vulnerability was identified in the kjd/idna library, specifically within the idna.encode function, affecting version 3.6. The issue arises from the function's handling of crafted input strings, which can lead to quadratic complexity and consequently, a denial of service condition. This...
ALPINE-CVE-2024-3651
A vulnerability was identified in the kjd/idna library, specifically within the idna.encode function, affecting version 3.6. The issue arises from the function's handling of crafted input strings, which can lead to quadratic complexity and consequently, a denial of service condition. This...
DEBIAN-CVE-2024-3651
A vulnerability was identified in the kjd/idna library, specifically within the idna.encode function, affecting version 3.6. The issue arises from the function's handling of crafted input strings, which can lead to quadratic complexity and consequently, a denial of service condition. This...
AZL-43207 CVE-2024-3651 affecting package tensorflow for versions less than 2.16.1-7
A vulnerability was identified in the kjd/idna library, specifically within the idna.encode function, affecting version 3.6. The issue arises from the function's handling of crafted input strings, which can lead to quadratic complexity and consequently, a denial of service condition. This...
AZL-43204 CVE-2024-3651 affecting package python-idna for versions less than 3.7-1
A vulnerability was identified in the kjd/idna library, specifically within the idna.encode function, affecting version 3.6. The issue arises from the function's handling of crafted input strings, which can lead to quadratic complexity and consequently, a denial of service condition. This...
python-idna: potential DoS via resource consumption via specially crafted inputs to idna.encode()
A flaw was found in the python-idna library. A malicious argument was sent to the idna.encode function can trigger an uncontrolled resource consumption, resulting in a denial of service...
python-idna: potential DoS via resource consumption via specially crafted inputs to idna.encode()
A flaw was found in the python-idna library. A malicious argument was sent to the idna.encode function can trigger an uncontrolled resource consumption, resulting in a denial of service...
python-idna: potential DoS via resource consumption via specially crafted inputs to idna.encode()
A flaw was found in the python-idna library. A malicious argument was sent to the idna.encode function can trigger an uncontrolled resource consumption, resulting in a denial of service...
python-idna: potential DoS via resource consumption via specially crafted inputs to idna.encode()
A flaw was found in the python-idna library. A malicious argument was sent to the idna.encode function can trigger an uncontrolled resource consumption, resulting in a denial of service...
python-idna: potential DoS via resource consumption via specially crafted inputs to idna.encode()
A flaw was found in the python-idna library. A malicious argument was sent to the idna.encode function can trigger an uncontrolled resource consumption, resulting in a denial of service...