cve/2024/CVE-2024-3651.md

### [CVE-2024-3651](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3651)
![](https://img.shields.io/static/v1?label=Product&message=kjd%2Fidna&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=unspecified%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-400%20Uncontrolled%20Resource%20Consumption&color=brightgreen)

### Description

A vulnerability was identified in the kjd/idna library, specifically within the `idna.encode()` function, affecting version 3.6. The issue arises from the function's handling of crafted input strings, which can lead to quadratic complexity and consequently, a denial of service condition. This vulnerability is triggered by a crafted input that causes the `idna.encode()` function to process the input with considerable computational load, significantly increasing the processing time in a quadratic manner relative to the input size.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/ARPSyndicate/cve-scores
- https://github.com/GitHubForSnap/matrix-commander-gael
- https://github.com/fkie-cad/nvd-json-data-feeds
- https://github.com/h4ckm1n-dev/report-test
- https://github.com/rsys-fchaliss/hebe