{"id":"CVE-2024-3651","details":"A vulnerability was identified in the kjd/idna library, specifically within the `idna.encode()` function, affecting version 3.6. The issue arises from the function's handling of crafted input strings, which can lead to quadratic complexity and consequently, a denial of service condition. This vulnerability is triggered by a crafted input that causes the `idna.encode()` function to process the input with considerable computational load, significantly increasing the processing time in a quadratic manner relative to the input size.","aliases":["GHSA-jjg7-2v4v-x38h","PYSEC-2024-60"],"modified":"2026-03-15T22:49:31.592051Z","published":"2024-07-07T18:15:09.827Z","related":["ALSA-2024:3466","ALSA-2024:3846","ALSA-2024:4260","CGA-hp6r-9hv6-83rp","MGASA-2024-0245","RLSA-2024:3466","SUSE-SU-2024:1428-1","SUSE-SU-2024:1439-1","SUSE-SU-2024:1439-2","SUSE-SU-2024:1939-1","SUSE-SU-2024:4020-1","SUSE-SU-2024:4021-1","SUSE-SU-2024:4029-1","openSUSE-SU-2024:13874-1"],"references":[{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2024/05/msg00006.html"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4YQUPYH3SVZ5GFF2CDQ55FCM575AZTF2/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F2S5E23N6E52S46KGNYTDFB75LOC4N4D/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S5IDLLD2IKSIVRBSLB34WTSYGLMWUFWF/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULSC7HBJKXB3BZV367WM5BR6DFEC4Z43/"},{"type":"FIX","url":"https://github.com/kjd/idna/commit/1d365e17e10d72d0b7876316fc7b9ca0eebdd38d"},{"type":"FIX","url":"https://huntr.com/bounties/93d78d07-d791-4b39-a845-cbfabc44aadb"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/kjd/idna","events":[{"introduced":"001644567c3f1e1c7e62cfff806be7dad1be8cd3"},{"fixed":"1d365e17e10d72d0b7876316fc7b9ca0eebdd38d"}],"database_specific":{"versions":[{"introduced":"0.2"},{"fixed":"3.7"}]}}],"versions":["v0.2","v0.3","v0.4","v0.5","v0.6","v0.7","v0.8","v0.9","v1.0","v1.1","v2.0","v2.1","v2.10","v2.2","v2.3","v2.4","v2.5","v2.6","v2.7","v2.8","v2.9","v3.0","v3.1","v3.2","v3.3","v3.4","v3.5","v3.6"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-3651.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}