DirectorySecurity Advisories
Sign In
Security Advisories

CVE-2024-3651

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2024-3651

CGA ID

CGA-mcgj-mc29-crgj

Severity

7.5

High

CVSS V3

Description

A vulnerability was identified in the kjd/idna library, specifically within the idna.encode() function, affecting version 3.6. The issue arises from the function's handling of crafted input strings, which can lead to quadratic complexity and consequently, a denial of service condition. This vulnerability is triggered by a crafted input that causes the idna.encode() function to process the input with considerable computational load, significantly increasing the processing time in a quadratic manner relative to the input size.

References

Affected packages


Safe Source for Open Sourceâ„¢
Media KitContact Us
© 2024 Chainguard. All Rights Reserved.
Private PolicyTerms of Use

Product

Chainguard Images