929208 – (CVE-2024-3651) <dev-python/idna-3.7: potential DoS via resource consumption via specially crafted inputs to idna.encode()

Bug 929208 (CVE-2024-3651) - <dev-python/idna-3.7: potential DoS via resource consumption via specially crafted inputs to idna.encode()

Summary: <dev-python/idna-3.7: potential DoS via resource consumption via specially cr...

Status:	CONFIRMED

Alias:	CVE-2024-3651

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal normal
Assignee:	Gentoo Security

URL:	https://github.com/kjd/idna/security/...
Whiteboard:	A3 [glsa+]
Keywords:

Depends on:	929196
Blocks:
	Show dependency tree

Reported:	2024-04-12 11:41 UTC by Michał Górny
Modified:	2024-12-11 10:00 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Michał Górny archtester

2024-04-12 11:41:46 UTC

> A specially crafted argument to the idna.encode() function could consume significant resources. This may lead to a denial-of-service.

Fixed in 3.7.  Stabilization and cleanup already done.

Comment 1 Larry the Git Cow gentoo-dev

2024-12-11 09:59:58 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=1fa31cb773ba572448d220fd22dfd187f550d13f

commit 1fa31cb773ba572448d220fd22dfd187f550d13f
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-12-11 09:59:38 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-12-11 09:59:49 +0000

    [ GLSA 202412-17 ] idna: Denial of Service
    
    Bug: https://bugs.gentoo.org/929208
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202412-17.xml | 42 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 42 insertions(+)