CVE-2024-3651
Published: 23 April 2024
[potential DoS via resource consumption via specially crafted inputs to idna.encode()]
Notes
Author | Note |
---|---|
mdeslaur | On focal and earlier, the python-pip package bundles python-idna binaries when built. After updating python-idna, a no-change rebuild of python-pip is required. On jammy and later, python-idna is bundled in the python-pip package and needs to be patched. |
Priority
Status
Package | Release | Status |
---|---|---|
python-idna Launchpad, Ubuntu, Debian |
bionic |
Needs triage
|
focal |
Needs triage
|
|
jammy |
Needs triage
|
|
mantic |
Needs triage
|
|
noble |
Needs triage
|
|
upstream |
Needs triage
|
|
xenial |
Needs triage
|
|
Patches: upstream: https://github.com/kjd/idna/commit/5beb28b9dd77912c0dd656d8b0fdba3eb80222e7 |
||
python-pip Launchpad, Ubuntu, Debian |
bionic |
Needs triage
|
focal |
Needs triage
|
|
jammy |
Needs triage
|
|
mantic |
Needs triage
|
|
noble |
Needs triage
|
|
trusty |
Needs triage
|
|
upstream |
Needs triage
|
|
xenial |
Needs triage
|