929208 – (CVE-2024-3651) <dev-python/idna-3.7: potential DoS via resource consumption via specially crafted inputs to idna.encode()

Bug 929208 (CVE-2024-3651) - <dev-python/idna-3.7: potential DoS via resource consumption via specially crafted inputs to idna.encode()

Summary: <dev-python/idna-3.7: potential DoS via resource consumption via specially cr...

Status:	CONFIRMED

Alias:	CVE-2024-3651

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Gentoo Security

URL:	https://github.com/kjd/idna/security/...
Whiteboard:	A3 [glsa?]
Keywords:

Depends on:	929196
Blocks:
	Show dependency tree

Reported:	2024-04-12 11:41 UTC by Michał Górny
Modified:	2024-04-12 11:55 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Michał Górny archtester

2024-04-12 11:41:46 UTC

> A specially crafted argument to the idna.encode() function could consume significant resources. This may lead to a denial-of-service.

Fixed in 3.7.  Stabilization and cleanup already done.