CVE-2024-3651 Information

Description

A vulnerability was identified in the kjd/idna library specifically within the idna.encode() function affecting version 3.6. The issue arises from the function’s handling of crafted input strings which can lead to quadratic complexity and consequently a denial of service condition. This vulnerability is triggered by a crafted input that causes the idna.encode() function to process the input with considerable computational load significantly increasing the processing time in a quadratic manner relative to the input size.

Reference

https://huntr.com/bounties/93d78d07-d791-4b39-a845-cbfabc44aadb https://github.com/kjd/idna/commit/1d365e17e10d72d0b7876316fc7b9ca0eebdd38d