ALT-PU-2024-13879-2

Package update python3-module-idna in branch sisyphus

Version3.7-alt1

Published2026-02-04

Max severityHIGH

Severity:

Closed issues (3)

MEDIUM6.5

Уязвимость функции idna.encode() интернационализированного доменна имен в приложениях (IDNA), позволяющая нарушителю вызвать отказ в обслуживании

Published: 2024-05-30Modified: 2025-11-26

CVSS 3.xMEDIUM 6.5

CVSS:3.x/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0MEDIUM 6.8

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:C

References

CVE-2024-3651

HIGH7.5

A vulnerability was identified in the kjd/idna library, specifically within the `idna.encode()` function, affecting version 3.6. The issue arises from the function's handling of crafted input strings, which can lead to quadratic complexity and consequently, a denial of service condition. This vulnerability is triggered by a crafted input that causes the `idna.encode()` function to process the input with considerable computational load, significantly increasing the processing time in a quadratic manner relative to the input size.

Published: 2024-07-07Modified: 2025-11-04

CVSS 3.xHIGH 7.5

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References

GHSA-jjg7-2v4v-x38h

MEDIUM6.9

Internationalized Domain Names in Applications (IDNA) vulnerable to denial of service from specially crafted inputs to idna.encode

Published: 2024-04-12Modified: 2025-11-05

CVSS 3.x

CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS 4.0

CVSS:4.0/CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

References