CVE-2024-3651 – Denial of Service via Quadratic Complexity in kjd/idna

https://notcve.org/view.php?id=CVE-2024-3651

A vulnerability was identified in the kjd/idna library, specifically within the `idna.encode()` function, affecting version 3.6. The issue arises from the function's handling of crafted input strings, which can lead to quadratic complexity and consequently, a denial of service condition. This vulnerability is triggered by a crafted input that causes the `idna.encode()` function to process the input with considerable computational load, significantly increasing the processing time in a quadratic manner relative to the input size. Se identificó una vulnerabilidad en la librería kjd/idna, específicamente dentro de la función `idna.encode()`, afectando a la versión 3.6. El problema surge del manejo por parte de la función de cadenas de entrada manipuladas, lo que puede generar complejidad cuadrática y, en consecuencia, una condición de denegación de servicio. • https://github.com/kjd/idna/commit/1d365e17e10d72d0b7876316fc7b9ca0eebdd38d https://huntr.com/bounties/93d78d07-d791-4b39-a845-cbfabc44aadb https://access.redhat.com/security/cve/CVE-2024-3651 https://bugzilla.redhat.com/show_bug.cgi?id=2274779 • CWE-400: Uncontrolled Resource Consumption •