idna vulnerability
About this tag
The IDNA vulnerability tag covers CVE-2024-3651, a denial-of-service flaw in the kjd/idna library caused by quadratic complexity in the idna.encode() routine. This vulnerability is patched upstream in idna version 3.7 and has been mapped to packaged Python runtimes by multiple distributors. Microsoft's advisory names Azure Linux as a product that includes the affected open-source library, but the language is a product-scoped attestation rather than a guarantee that no other Microsoft artifact contains the vulnerable library. Discussions on WindowsForum focus on understanding the scope of the patch, the technical details of the DoS condition, and the implications for Azure Linux and potentially other systems.
The vulnerability tracked as CVE‑2024‑3651 — a denial‑of‑service condition caused by quadratic complexity in the kjd/idna library’s idna.encode() routine — is real, patched upstream in idna 3.7, and has been mapped by multiple distributors to packaged Python runtimes. Microsoft’s public advisory...