A vulnerability was identified in the kjd/idna library, specifically within the `idna.encode()` function, affecting version 3.6. The issue arises from the function's handling of crafted input strings, which can lead to quadratic complexity and consequently, a denial of service condition. This vulnerability is triggered by a crafted input that causes the `idna.encode()` function to process the input with considerable computational load, significantly increasing the processing time in a quadratic manner relative to the input size.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: @huntr_ai
Published: 2024-07-07T17:22:10.032Z
Updated: 2024-08-01T20:20:00.683Z
Reserved: 2024-04-10T23:50:44.569Z
Link: CVE-2024-3651
Vulnrichment
Updated: 2024-08-01T20:20:00.683Z
NVD
Status : Analyzed
Published: 2024-07-07T18:15:09.827
Modified: 2024-07-11T14:58:01.803
Link: CVE-2024-3651
Redhat