Lucene search

K
ubuntucveUbuntu.comUB:CVE-2024-3651
HistoryApr 23, 2024 - 12:00 a.m.

CVE-2024-3651

2024-04-2300:00:00
ubuntu.com
ubuntu.com
16
resource consumption dos
specially crafted inputs
idna.encode
debian
redhat
github
python
pip
binaries
patch

6.3 Medium

AI Score

Confidence

Low

0 Low

EPSS

Percentile

0.0%

[potential DoS via resource consumption via specially crafted inputs to
idna.encode()]

Bugs

Notes

Author Note
mdeslaur On focal and earlier, the python-pip package bundles python-idna binaries when built. After updating python-idna, a no-change rebuild of python-pip is required. On jammy and later, python-idna is bundled in the python-pip package and needs to be patched.