You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
cve 2024 3651
About this tag
CVE-2024-3651 is a denial-of-service vulnerability in the kjd/idna library, specifically in the idna.encode() routine, caused by quadratic complexity. The issue is patched upstream in idna version 3.7. Microsoft has acknowledged that Azure Linux includes this open-source library and is potentially affected. The vulnerability has been mapped by multiple distributors to packaged Python runtimes. Discussions on WindowsForum cover the scope of the advisory, clarifying that Microsoft's language is a product-scoped attestation rather than a guarantee that no other Microsoft products contain the vulnerable library. The tag provides a focused look at the technical details, patching status, and implications for Azure Linux and related systems.
The vulnerability tracked as CVE‑2024‑3651 — a denial‑of‑service condition caused by quadratic complexity in the kjd/idna library’s idna.encode() routine — is real, patched upstream in idna 3.7, and has been mapped by multiple distributors to packaged Python runtimes. Microsoft’s public advisory...