Description

A vulnerability was identified in the kjd/idna library, specifically within the `idna.encode()` function, affecting version 3.6. The issue arises from the function's handling of crafted input strings, which can lead to quadratic complexity and, consequently, a denial of service condition. The vulnerability is triggered by a crafted input that causes `idna.encode()` to process the input with considerable computational load, so that processing time grows quadratically relative to the input size.

PUBLISHED Reserved 2024-04-10 | Published 2024-07-07 | Updated 2025-11-04 | Assigner @huntr_ai




MEDIUM: 6.2 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Problem types

CWE-1333 Inefficient Regular Expression Complexity

Product status

Any version before 3.7: affected

References

huntr.com/bounties/93d78d07-d791-4b39-a845-cbfabc44aadb

github.com/...ommit/1d365e17e10d72d0b7876316fc7b9ca0eebdd38d

lists.debian.org/debian-lts-announce/2024/05/msg00006.html

lists.fedoraproject.org/...F2S5E23N6E52S46KGNYTDFB75LOC4N4D/

lists.fedoraproject.org/...S5IDLLD2IKSIVRBSLB34WTSYGLMWUFWF/

lists.fedoraproject.org/...ULSC7HBJKXB3BZV367WM5BR6DFEC4Z43/

lists.fedoraproject.org/...4YQUPYH3SVZ5GFF2CDQ55FCM575AZTF2/

cve.org (CVE-2024-3651)

nvd.nist.gov (CVE-2024-3651)
