Invoking failure to reject ASCII-only Punycode-encoded labels in golang.org/x/net/idna
...
Improper Authentication
Overview: Affected versions of this package are vulnerable to Improper Authentication via the ToASCII and ToUnicode functions. An attacker can bypass hostname validation by submitting Punycode-encoded labels that decode to ASCII-only labels, potentially leading to privilege escalation in...
GO-2026-5026 Invoking failure to reject ASCII-only Punycode-encoded labels in golang.org/x/net/idna
The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode("xn--example-.com") incorrectly returns the name "example.com" rather than an error. This behavior can lead to privilege escalation in programs using the idna...
Security Bulletin: IBM B2B Advanced Communications is affected by vulnerabilities in kjd/idna library
Summary: IBM B2B Advanced Communications has addressed vulnerabilities in idna library shipped with product CVE-2024-3651. Vulnerability Details: CVEID: CVE-2024-3651 DESCRIPTION: A vulnerability was identified in the kjd/idna library, specifically within the idna.encode function, affecting version...
MiracleLinux 7 : python-idna-2.4-1.0.1.el7.AXS7 (AXSA:2025-11498:01)
The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2025-11498:01 advisory. CVE-2024-3651: more efficient resolution of joiner contexts in idna library to avoid quadratic complexity that leads to a DoS condition CVEs: CVE-2024-3651 ...
EUVD-2024-0077
Malicious code in bioql PyPI...
NewStart CGSL MAIN 7.02 : python-idna Vulnerability (NS-SA-2025-0144)
The remote NewStart CGSL host, running version MAIN 7.02, has python-idna packages installed that are affected by a vulnerability: - A vulnerability was identified in the kjd/idna library, specifically within the idna.encode function, affecting version 3.6. The issue arises from the function's...
EulerOS 2.0 SP10 : python-pip (EulerOS-SA-2025-1811)
According to the versions of the python-pip packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A vulnerability was identified in the kjd/idna library, specifically within the idna.encode function, affecting version 3.6. The issue arises...
Linux Distros Unpatched Vulnerability : CVE-2024-3651
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was identified in the kjd/idna library, specifically within the idna.encode function, affecting version 3.6. The issue arises from the function'...
EulerOS 2.0 SP8 : python-idna (EulerOS-SA-2024-2487)
According to the versions of the python-idna packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A vulnerability was identified in the kjd/idna library, specifically within the idna.encode function, affecting version 3.6. The issue arises...
EulerOS 2.0 SP12 : python-pip (EulerOS-SA-2024-2349)
According to the versions of the python-pip packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A vulnerability was identified in the kjd/idna library, specifically within the idna.encode function, affecting version 3.6. The issue arises...
EulerOS 2.0 SP12 : python-pip (EulerOS-SA-2024-2357)
According to the versions of the python-pip package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A vulnerability was identified in the kjd/idna library, specifically within the idna.encode function, affecting version 3.6. The issue arises...
EulerOS 2.0 SP12 : python-idna (EulerOS-SA-2024-2355)
According to the versions of the python-idna package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A vulnerability was identified in the kjd/idna library, specifically within the idna.encode function, affecting version 3.6. The issue arises...
EulerOS 2.0 SP11 : python-idna (EulerOS-SA-2024-2091)
According to the versions of the python-idna package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A vulnerability was identified in the kjd/idna library, specifically within the idna.encode function, affecting version 3.6. The issue arises...
CVE-2024-3651
...
Huawei EulerOS: Security Advisory for python-idna (EulerOS-SA-2024-1894)
The remote host is missing an update for the Huawei EulerOS...
CVE-2024-3651
A vulnerability was identified in the kjd/idna library, specifically within the idna.encode function, affecting version 3.6. The issue arises from the function's handling of crafted input strings, which can lead to quadratic complexity and consequently, a denial of service condition. This...
AZL-43204 CVE-2024-3651 affecting package python-idna for versions less than 3.7-1
A vulnerability was identified in the kjd/idna library, specifically within the idna.encode function, affecting version 3.6. The issue arises from the function's handling of crafted input strings, which can lead to quadratic complexity and consequently, a denial of service condition. This...
CVE-2024-3651
A vulnerability was identified in the kjd/idna library, specifically within the idna.encode function, affecting version 3.6. The issue arises from the function's handling of crafted input strings, which can lead to quadratic complexity and consequently, a denial of service condition. This...
AZL-43207 CVE-2024-3651 affecting package tensorflow for versions less than 2.16.1-7
A vulnerability was identified in the kjd/idna library, specifically within the idna.encode function, affecting version 3.6. The issue arises from the function's handling of crafted input strings, which can lead to quadratic complexity and consequently, a denial of service condition. This...