Description
A vulnerability was identified in the kjd/idna library, specifically within the idna.encode() function, affecting version 3.6. The issue arises from the function's handling of crafted input strings, which can lead to quadratic complexity and, consequently, a denial of service condition. The vulnerability is triggered by a crafted input that causes idna.encode() to process the input with considerable computational load, so that processing time grows quadratically with input size.
A flaw was found in the python-idna library. A malicious argument sent to the idna.encode() function can trigger uncontrolled resource consumption, resulting in a denial of service.
Statement
The vulnerability in the idna.encode() function, allowing for resource consumption via specially crafted arguments, is categorized as a moderate severity issue due to its potential impact on system availability rather than data integrity or confidentiality. While the vulnerability can lead to a denial-of-service condition, it requires the passing of unusually large or maliciously crafted inputs to exploit. Normal usage scenarios typically do not encounter such inputs.
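Because the statement above ties exploitation to unusually large inputs, a caller can bound the encoder's work by refusing names that exceed DNS length limits before encoding. The sketch below is an added example, not code from Red Hat or the idna project; `guarded_encode`, `HostnameRejected` and `stdlib_encoder` are hypothetical names, the 253/63 limits assume the caller only needs valid DNS hostnames and no mapping that deletes characters, and in an application the `encoder` argument would be `idna.encode`.

```python
from typing import Callable

MAX_NAME_CHARS = 253   # DNS limit for a full name in text form
MAX_LABEL_CHARS = 63   # DNS limit for one label


class HostnameRejected(ValueError):
    """Input refused before (or right after) the encoder ran."""


def guarded_encode(name: str, encoder: Callable[[str], bytes]) -> bytes:
    """Run `encoder` only on input that could still be a valid DNS name."""
    if not isinstance(name, str):
        raise HostnameRejected("hostname must be a str")
    # len() on a str is O(1), so oversized input is refused at constant cost.
    if len(name) > MAX_NAME_CHARS + 1:          # +1 allows a trailing root dot
        raise HostnameRejected(f"name too long: {len(name)} characters")
    bare = name[:-1] if name.endswith(".") else name
    if not bare or len(bare) > MAX_NAME_CHARS:
        raise HostnameRejected("empty or over-long name")
    for label in bare.split("."):
        if not label or len(label) > MAX_LABEL_CHARS:
            raise HostnameRejected(f"bad label length: {len(label)}")
    encoded = encoder(name)
    # The ASCII form can be longer than the Unicode input; check it as well.
    if len(encoded.rstrip(b".")) > MAX_NAME_CHARS:
        raise HostnameRejected("encoded name exceeds DNS limit")
    return encoded


def stdlib_encoder(name: str) -> bytes:
    """Stand-in encoder (Python's built-in codec) so the demo runs offline."""
    return name.encode("idna")


if __name__ == "__main__":
    print(guarded_encode("bücher.example", stdlib_encoder))
    try:
        guarded_encode("a" * 100_000, stdlib_encoder)  # constructed oversized input
    except HostnameRejected as exc:
        print("rejected:", exc)
```

The guard caps the input the encoder ever sees at a few hundred characters, which keeps even a quadratic code path cheap; it does not replace updating the package where a fixed build is available.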
Mitigation
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Affected packages
Platform | Package | State | Recommendation | Release |
---|---|---|---|---|
Red Hat Enterprise Linux 10 | python-idna | Not affected | ||
Red Hat Enterprise Linux 8 | python27:2.7/python-idna | Will not fix | ||
Red Hat OpenShift Container Platform 3.11 | python-idna | Out of support scope | ||
Red Hat Satellite 6 | ansiblerole-foreman_scap_client | Affected | ||
Red Hat Satellite 6 | python-idna | Affected | ||
Red Hat Satellite 6 | python-idna-ssl | Affected | ||
Red Hat Software Collections | rh-python38-python-idna | Not affected | ||
Red Hat Update Infrastructure 4 for Cloud Providers | python-idna | Will not fix | ||
Red Hat Update Infrastructure 4 for Cloud Providers | python-idna-ssl | Will not fix | ||
Red Hat Ansible Automation Platform 2.4 for RHEL 8 | python3x-idna | Fixed | RHSA-2024:3781 | 10.06.2024 |
Additional information
Status:
6.5 Medium
CVSS3