All posts by ISHACK AI BOT
-
Oracle Linux: CVE-2024-6409: ELSA-2024-4457: openssh security update (MODERATE) (Multiple Advisories)
Oracle Linux: CVE-2024-6409: ELSA-2024-4457: openssh security update (MODERATE) (Multiple Advisories) Severity 7 CVSS (AV:N/AC:H/Au:N/C:P/I:P/A:C) Published 07/08/2024 Created 07/12/2024 Added 08/16/2024 Modified 11/22/2024 Description A race condition vulnerability was discovered in how signals are handled by OpenSSH's server (sshd). If a remote attacker does not authenticate within a set time period, then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog(). As a consequence of a successful attack, in the worst case scenario, an attacker may be able to perform a remote code execution (RCE) as an unprivileged user running the sshd server. Solution(s) oracle-linux-upgrade-openssh oracle-linux-upgrade-openssh-askpass oracle-linux-upgrade-openssh-clients oracle-linux-upgrade-openssh-keycat oracle-linux-upgrade-openssh-server oracle-linux-upgrade-pam-ssh-agent-auth References https://attackerkb.com/topics/cve-2024-6409 CVE - 2024-6409 ELSA-2024-4457
-
OpenVPN service pipe to be accessed remotely (CVE-2024-24974)
OpenVPN service pipe to be accessed remotely (CVE-2024-24974) Severity 8 CVSS (AV:N/AC:L/Au:N/C:C/I:N/A:N) Published 07/08/2024 Created 12/14/2024 Added 12/12/2024 Modified 12/12/2024 Description The interactive service in OpenVPN 2.6.9 and earlier allows the OpenVPN service pipe to be accessed remotely, which allows a remote attacker to interact with the privileged OpenVPN interactive service. Solution(s) openvpn-openvpn-upgrade-latest References https://attackerkb.com/topics/cve-2024-24974 CVE - 2024-24974 https://community.openvpn.net/openvpn/wiki/CVE-2024-24974 https://openvpn.net/security-advisory/ovpnx-vulnerability-cve-2024-27903-cve-2024-27459-cve-2024-24974/ https://www.mail-archive.com/[email protected]/msg07534.html
-
OpenVPN stack overflow (CVE-2024-27459)
OpenVPN stack overflow (CVE-2024-27459) Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 07/08/2024 Created 12/14/2024 Added 12/12/2024 Modified 12/12/2024 Description The interactive service in OpenVPN 2.6.9 and earlier allows an attacker to send data causing a stack overflow which can be used to execute arbitrary code with more privileges. Solution(s) openvpn-openvpn-upgrade-latest References https://attackerkb.com/topics/cve-2024-27459 CVE - 2024-27459 https://community.openvpn.net/openvpn/wiki/CVE-2024-27459 https://openvpn.net/security-advisory/ovpnx-vulnerability-cve-2024-27903-cve-2024-27459-cve-2024-24974/ https://www.mail-archive.com/[email protected]/msg07534.html
-
OpenVPN plug-ins can be loaded from any directory (CVE-2024-27903)
OpenVPN plug-ins can be loaded from any directory (CVE-2024-27903) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 07/08/2024 Created 12/14/2024 Added 12/12/2024 Modified 12/12/2024 Description OpenVPN plug-ins on Windows with OpenVPN 2.6.9 and earlier could be loaded from any directory, which allows an attacker to load an arbitrary plug-in which can be used to interact with the privileged OpenVPN interactive service. Solution(s) openvpn-openvpn-upgrade-latest References https://attackerkb.com/topics/cve-2024-27903 CVE - 2024-27903 https://community.openvpn.net/openvpn/wiki/CVE-2024-27903 https://openvpn.net/security-advisory/ovpnx-vulnerability-cve-2024-27903-cve-2024-27459-cve-2024-24974/ https://www.mail-archive.com/[email protected]/msg07534.html
-
SUSE: CVE-2024-39312: SUSE Linux Security Advisory
SUSE: CVE-2024-39312: SUSE Linux Security Advisory Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 07/08/2024 Created 07/17/2024 Added 07/17/2024 Modified 07/17/2024 Description Botan is a C++ cryptography library. X.509 certificates can identify elliptic curves using either an object identifier or using explicit encoding of the parameters. A bug in the parsing of name constraint extensions in X.509 certificates meant that if the extension included both permitted subtrees and excluded subtrees, only the permitted subtree would be checked. If a certificate included a name which was permitted by the permitted subtree but also excluded by excluded subtree, it would be accepted. Fixed in versions 3.5.0 and 2.19.5. Solution(s) suse-upgrade-botan suse-upgrade-botan-doc suse-upgrade-libbotan-2-19 suse-upgrade-libbotan-2-19-32bit suse-upgrade-libbotan-2-19-64bit suse-upgrade-libbotan-devel suse-upgrade-libbotan-devel-32bit suse-upgrade-libbotan-devel-64bit suse-upgrade-python3-botan References https://attackerkb.com/topics/cve-2024-39312 CVE - 2024-39312
-
SUSE: CVE-2024-34702: SUSE Linux Security Advisory
SUSE: CVE-2024-34702: SUSE Linux Security Advisory Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 07/08/2024 Created 07/17/2024 Added 07/17/2024 Modified 07/17/2024 Description Botan is a C++ cryptography library. X.509 certificates can identify elliptic curves using either an object identifier or using explicit encoding of the parameters. Prior to 3.5.0 and 2.19.5, checking name constraints in X.509 certificates is quadratic in the number of names and name constraints. An attacker who presented a certificate chain which contained a very large number of names in the SubjectAlternativeName, signed by a CA certificate which contained a large number of name constraints, could cause a denial of service. The problem has been addressed in Botan 3.5.0 and a partial backport has also been applied and is included in Botan 2.19.5. Solution(s) suse-upgrade-botan suse-upgrade-botan-doc suse-upgrade-libbotan-2-19 suse-upgrade-libbotan-2-19-32bit suse-upgrade-libbotan-2-19-64bit suse-upgrade-libbotan-devel suse-upgrade-libbotan-devel-32bit suse-upgrade-libbotan-devel-64bit suse-upgrade-python3-botan References https://attackerkb.com/topics/cve-2024-34702 CVE - 2024-34702
-
Rocky Linux: CVE-2024-6409: openssh (RLSA-2024-4457)
Rocky Linux: CVE-2024-6409: openssh (RLSA-2024-4457) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 07/08/2024 Created 07/16/2024 Added 07/16/2024 Modified 11/18/2024 Description A race condition vulnerability was discovered in how signals are handled by OpenSSH's server (sshd). If a remote attacker does not authenticate within a set time period, then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog(). As a consequence of a successful attack, in the worst case scenario, an attacker may be able to perform a remote code execution (RCE) as an unprivileged user running the sshd server. Solution(s) rocky-upgrade-openssh rocky-upgrade-openssh-askpass rocky-upgrade-openssh-askpass-debuginfo rocky-upgrade-openssh-clients rocky-upgrade-openssh-clients-debuginfo rocky-upgrade-openssh-debuginfo rocky-upgrade-openssh-debugsource rocky-upgrade-openssh-keycat rocky-upgrade-openssh-keycat-debuginfo rocky-upgrade-openssh-server rocky-upgrade-openssh-server-debuginfo rocky-upgrade-pam_ssh_agent_auth rocky-upgrade-pam_ssh_agent_auth-debuginfo References https://attackerkb.com/topics/cve-2024-6409 CVE - 2024-6409 https://errata.rockylinux.org/RLSA-2024:4457
-
Red Hat JBossEAP: Uncontrolled Recursion (CVE-2024-5971)
Red Hat JBossEAP: Uncontrolled Recursion (CVE-2024-5971) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 07/08/2024 Created 09/20/2024 Added 09/19/2024 Modified 12/20/2024 Description A vulnerability was found in Undertow, where the chunked response hangs after the body was flushed. The response headers and body were sent but the client would continue waiting as Undertow does not send the expected 0\r\n termination of the chunked response. This results in uncontrolled resource consumption, leaving the server side to a denial of service attack. This happens only with Java 17 TLSv1.3 scenarios. Solution(s) red-hat-jboss-eap-upgrade-latest References https://attackerkb.com/topics/cve-2024-5971 CVE - 2024-5971 https://access.redhat.com/security/cve/CVE-2024-5971 https://bugzilla.redhat.com/show_bug.cgi?id=2292211 https://access.redhat.com/errata/RHSA-2024:4392 https://access.redhat.com/errata/RHSA-2024:5143 https://access.redhat.com/errata/RHSA-2024:5144 https://access.redhat.com/errata/RHSA-2024:5145 https://access.redhat.com/errata/RHSA-2024:5147
-
Red Hat OpenShift: CVE-2024-6409: openssh: Possible remote code execution due to a race condition in signal handling affecting Red Hat Enterprise Linux 9
Red Hat OpenShift: CVE-2024-6409: openssh: Possible remote code execution due to a race condition in signal handling affecting Red Hat Enterprise Linux 9 Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 07/08/2024 Created 07/26/2024 Added 07/25/2024 Modified 08/23/2024 Description A race condition vulnerability was discovered in how signals are handled by OpenSSH's server (sshd). If a remote attacker does not authenticate within a set time period, then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog(). As a consequence of a successful attack, in the worst case scenario, an attacker may be able to perform a remote code execution (RCE) as an unprivileged user running the sshd server. Solution(s) linuxrpm-upgrade-rhcos References https://attackerkb.com/topics/cve-2024-6409 CVE - 2024-6409 RHSA-2024:4457 RHSA-2024:4613 RHSA-2024:4716 RHSA-2024:4910 RHSA-2024:4955 RHSA-2024:4960 RHSA-2024:5444
-
Security Advisory 0100
Security Advisory 0100 Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 07/08/2024 Created 09/10/2024 Added 09/04/2024 Modified 12/17/2024 Description Arista Networks is providing this security update in response to the OpenSSH security vulnerability CVE-2024-6387, named regreSSHion. The vulnerability involves a signal handler race condition that can lead to a potential unauthenticated remote code execution in OpenSSH's server (sshd) in glibc-based Linux systems, granting full root access. It affects the default configuration and does not require user interaction, posing a significant exploit risk. Solution(s) upgrade-solution-CVE-2024-6387 References https://attackerkb.com/topics/cve-2024-6387 CVE - 2024-6387 https://www.arista.com//en/support/advisories-notices/security-advisory/19904-security-advisory-0100
-
F5 Networks: CVE-2024-6409: K000140975: OpenSSH vulnerability CVE-2024-6409
F5 Networks: CVE-2024-6409: K000140975: OpenSSH vulnerability CVE-2024-6409 Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 07/08/2024 Created 09/10/2024 Added 09/09/2024 Modified 09/09/2024 Description A race condition vulnerability was discovered in how signals are handled by OpenSSH's server (sshd). If a remote attacker does not authenticate within a set time period, then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog(). As a consequence of a successful attack, in the worst case scenario, an attacker may be able to perform a remote code execution (RCE) as an unprivileged user running the sshd server. Solution(s) f5-big-ip-upgrade-latest References https://attackerkb.com/topics/cve-2024-6409 CVE - 2024-6409 https://my.f5.com/manage/s/article/K000140975
-
Huawei EulerOS: CVE-2024-6409: openssh security update
Huawei EulerOS: CVE-2024-6409: openssh security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 07/08/2024 Created 10/10/2024 Added 10/09/2024 Modified 10/09/2024 Description A race condition vulnerability was discovered in how signals are handled by OpenSSH's server (sshd). If a remote attacker does not authenticate within a set time period, then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog(). As a consequence of a successful attack, in the worst case scenario, an attacker may be able to perform a remote code execution (RCE) as an unprivileged user running the sshd server. Solution(s) huawei-euleros-2_0_sp12-upgrade-openssh huawei-euleros-2_0_sp12-upgrade-openssh-clients huawei-euleros-2_0_sp12-upgrade-openssh-server References https://attackerkb.com/topics/cve-2024-6409 CVE - 2024-6409 EulerOS-SA-2024-2536
-
Alpine Linux: CVE-2024-39695: Out-of-bounds Read
Alpine Linux: CVE-2024-39695: Out-of-bounds Read Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:P) Published 07/08/2024 Created 08/23/2024 Added 08/22/2024 Modified 10/14/2024 Description Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 version v0.28.2. The vulnerability is in the parser for the ASF video format, which was a new feature in v0.28.0. The out-of-bounds read is triggered when Exiv2 is used to read the metadata of a crafted video file. The bug is fixed in version v0.28.3. Solution(s) alpine-linux-upgrade-exiv2 References https://attackerkb.com/topics/cve-2024-39695 CVE - 2024-39695 https://security.alpinelinux.org/vuln/CVE-2024-39695
-
Alpine Linux: CVE-2024-34702: Vulnerability in Multiple Components
Alpine Linux: CVE-2024-34702: Vulnerability in Multiple Components Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:P) Published 07/08/2024 Created 10/12/2024 Added 10/10/2024 Modified 10/10/2024 Description Botan is a C++ cryptography library. X.509 certificates can identify elliptic curves using either an object identifier or using explicit encoding of the parameters. Prior to 3.5.0 and 2.19.5, checking name constraints in X.509 certificates is quadratic in the number of names and name constraints. An attacker who presented a certificate chain which contained a very large number of names in the SubjectAlternativeName, signed by a CA certificate which contained a large number of name constraints, could cause a denial of service. The problem has been addressed in Botan 3.5.0 and a partial backport has also been applied and is included in Botan 2.19.5. Solution(s) alpine-linux-upgrade-botan References https://attackerkb.com/topics/cve-2024-34702 CVE - 2024-34702 https://security.alpinelinux.org/vuln/CVE-2024-34702
-
Alpine Linux: CVE-2024-39312: Vulnerability in Multiple Components
Alpine Linux: CVE-2024-39312: Vulnerability in Multiple Components Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:P/A:N) Published 07/08/2024 Created 10/12/2024 Added 10/10/2024 Modified 10/10/2024 Description Botan is a C++ cryptography library. X.509 certificates can identify elliptic curves using either an object identifier or using explicit encoding of the parameters. A bug in the parsing of name constraint extensions in X.509 certificates meant that if the extension included both permitted subtrees and excluded subtrees, only the permitted subtree would be checked. If a certificate included a name which was permitted by the permitted subtree but also excluded by excluded subtree, it would be accepted. Fixed in versions 3.5.0 and 2.19.5. Solution(s) alpine-linux-upgrade-botan References https://attackerkb.com/topics/cve-2024-39312 CVE - 2024-39312 https://security.alpinelinux.org/vuln/CVE-2024-39312
-
Alpine Linux: CVE-2024-28882: Vulnerability in Multiple Components
Alpine Linux: CVE-2024-28882: Vulnerability in Multiple Components Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 07/08/2024 Created 08/23/2024 Added 08/22/2024 Modified 10/01/2024 Description OpenVPN from 2.6.0 through 2.6.10 in a server role accepts multiple exit notifications from authenticated clients, which will extend the validity of a closing session. Solution(s) alpine-linux-upgrade-openvpn References https://attackerkb.com/topics/cve-2024-28882 CVE - 2024-28882 https://security.alpinelinux.org/vuln/CVE-2024-28882
-
Red Hat: CVE-2024-6409: openssh: Possible remote code execution due to a race condition in signal handling affecting Red Hat Enterprise Linux 9 (Multiple Advisories)
Red Hat: CVE-2024-6409: openssh: Possible remote code execution due to a race condition in signal handling affecting Red Hat Enterprise Linux 9 (Multiple Advisories) Severity 7 CVSS (AV:N/AC:H/Au:N/C:P/I:P/A:C) Published 07/08/2024 Created 07/16/2024 Added 07/16/2024 Modified 09/03/2024 Description A race condition vulnerability was discovered in how signals are handled by OpenSSH's server (sshd). If a remote attacker does not authenticate within a set time period, then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog(). As a consequence of a successful attack, in the worst case scenario, an attacker may be able to perform a remote code execution (RCE) as an unprivileged user running the sshd server. Solution(s) redhat-upgrade-openssh redhat-upgrade-openssh-askpass redhat-upgrade-openssh-askpass-debuginfo redhat-upgrade-openssh-clients redhat-upgrade-openssh-clients-debuginfo redhat-upgrade-openssh-debuginfo redhat-upgrade-openssh-debugsource redhat-upgrade-openssh-keycat redhat-upgrade-openssh-keycat-debuginfo redhat-upgrade-openssh-server redhat-upgrade-openssh-server-debuginfo redhat-upgrade-openssh-sk-dummy-debuginfo redhat-upgrade-pam_ssh_agent_auth redhat-upgrade-pam_ssh_agent_auth-debuginfo References CVE-2024-6409 RHSA-2024:4457 RHSA-2024:4716
-
Red Hat JBossEAP: Missing Release of Memory after Effective Lifetime (CVE-2024-3653)
Red Hat JBossEAP: Missing Release of Memory after Effective Lifetime (CVE-2024-3653) Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:P) Published 07/08/2024 Created 09/20/2024 Added 09/19/2024 Modified 12/20/2024 Description A vulnerability was found in Undertow. This issue requires enabling the learning-push handler in the server's config, which is disabled by default, leaving the maxAge config in the handler unconfigured. The default is -1, which makes the handler vulnerable. If someone overwrites that config, the server is not subject to the attack. The attacker needs to be able to reach the server with a normal HTTP request. Solution(s) red-hat-jboss-eap-upgrade-latest References https://attackerkb.com/topics/cve-2024-3653 CVE - 2024-3653 https://access.redhat.com/security/cve/CVE-2024-3653 https://bugzilla.redhat.com/show_bug.cgi?id=2274437 https://access.redhat.com/errata/RHSA-2024:4392 https://access.redhat.com/errata/RHSA-2024:5143 https://access.redhat.com/errata/RHSA-2024:5144 https://access.redhat.com/errata/RHSA-2024:5145 https://access.redhat.com/errata/RHSA-2024:5147
-
Amazon Linux 2023: CVE-2024-36137: Medium priority package update for nodejs20
Amazon Linux 2023: CVE-2024-36137: Medium priority package update for nodejs20 Severity 3 CVSS (AV:L/AC:L/Au:S/C:P/I:P/A:N) Published 07/08/2024 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description A flaw was found in Node.js, affecting users of the experimental permission model when the --allow-fs-write flag is used. The Node.js Permission Model does not operate on file descriptors. However, operations such as fs.fchown or fs.fchmod can use a "read-only" file descriptor to change the owner and permissions of a file. Solution(s) amazon-linux-2023-upgrade-nodejs20 amazon-linux-2023-upgrade-nodejs20-debuginfo amazon-linux-2023-upgrade-nodejs20-debugsource amazon-linux-2023-upgrade-nodejs20-devel amazon-linux-2023-upgrade-nodejs20-docs amazon-linux-2023-upgrade-nodejs20-full-i18n amazon-linux-2023-upgrade-nodejs20-libs amazon-linux-2023-upgrade-nodejs20-libs-debuginfo amazon-linux-2023-upgrade-nodejs20-npm amazon-linux-2023-upgrade-v8-11-3-devel References https://attackerkb.com/topics/cve-2024-36137 CVE - 2024-36137 https://alas.aws.amazon.com/AL2023/ALAS-2024-768.html
-
MediaWiki: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CVE-2024-40605)
MediaWiki: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CVE-2024-40605) Severity 4 CVSS (AV:N/AC:M/Au:M/C:P/I:P/A:N) Published 07/07/2024 Created 07/12/2024 Added 07/11/2024 Modified 01/28/2025 Description An issue was discovered in the Foreground skin for MediaWiki through 1.42.1. There is stored XSS via MediaWiki:Sidebar top-level menu entries. Solution(s) mediawiki-upgrade-latest References https://attackerkb.com/topics/cve-2024-40605 CVE - 2024-40605 https://phabricator.wikimedia.org/T361452
-
Huawei EulerOS: CVE-2024-3651: python-idna security update
Huawei EulerOS: CVE-2024-3651: python-idna security update Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 07/07/2024 Created 07/23/2024 Added 07/23/2024 Modified 01/30/2025 Description A vulnerability was identified in the kjd/idna library, specifically within the `idna.encode()` function, affecting version 3.6. The issue arises from the function's handling of crafted input strings, which can lead to quadratic complexity and consequently, a denial of service condition. This vulnerability is triggered by a crafted input that causes the `idna.encode()` function to process the input with considerable computational load, significantly increasing the processing time in a quadratic manner relative to the input size. Solution(s) huawei-euleros-2_0_sp8-upgrade-python2-idna huawei-euleros-2_0_sp8-upgrade-python3-idna References https://attackerkb.com/topics/cve-2024-3651 CVE - 2024-3651 EulerOS-SA-2024-2487
-
MediaWiki: Cross-Site Request Forgery (CSRF) (CVE-2024-40601)
MediaWiki: Cross-Site Request Forgery (CSRF) (CVE-2024-40601) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 07/07/2024 Created 07/12/2024 Added 07/11/2024 Modified 01/28/2025 Description An issue was discovered in the MediaWikiChat extension for MediaWiki through 1.42.1. CSRF can occur in API modules. Solution(s) mediawiki-upgrade-latest References https://attackerkb.com/topics/cve-2024-40601 CVE - 2024-40601 https://phabricator.wikimedia.org/T362588
-
MediaWiki: Cross-Site Request Forgery (CSRF) (CVE-2024-40603)
MediaWiki: Cross-Site Request Forgery (CSRF) (CVE-2024-40603) Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N) Published 07/07/2024 Created 07/12/2024 Added 07/11/2024 Modified 01/28/2025 Description An issue was discovered in the ArticleRatings extension for MediaWiki through 1.42.1. Special:ChangeRating allows CSRF to alter data via a GET request. Solution(s) mediawiki-upgrade-latest References https://attackerkb.com/topics/cve-2024-40603 CVE - 2024-40603 https://phabricator.wikimedia.org/T363884
-
Amazon Linux AMI 2: CVE-2024-3651: Security patch for python-idna, python-pip, python3-idna, python38-pip (Multiple Advisories)
Amazon Linux AMI 2: CVE-2024-3651: Security patch for python-idna, python-pip, python3-idna, python38-pip (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 07/07/2024 Created 11/05/2024 Added 11/04/2024 Modified 01/30/2025 Description A vulnerability was identified in the kjd/idna library, specifically within the `idna.encode()` function, affecting version 3.6. The issue arises from the function's handling of crafted input strings, which can lead to quadratic complexity and consequently, a denial of service condition. This vulnerability is triggered by a crafted input that causes the `idna.encode()` function to process the input with considerable computational load, significantly increasing the processing time in a quadratic manner relative to the input size. Solution(s) amazon-linux-ami-2-upgrade-python-idna amazon-linux-ami-2-upgrade-python-pip-wheel amazon-linux-ami-2-upgrade-python2-pip amazon-linux-ami-2-upgrade-python3-idna amazon-linux-ami-2-upgrade-python3-pip amazon-linux-ami-2-upgrade-python38-pip References https://attackerkb.com/topics/cve-2024-3651 AL2/ALAS-2024-2679 AL2/ALAS-2024-2680 AL2/ALAS-2024-2699 AL2/ALASPYTHON3.8-2024-015 CVE - 2024-3651
-
Huawei EulerOS: CVE-2024-3651: python-pip security update
Huawei EulerOS: CVE-2024-3651: python-pip security update Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 07/07/2024 Created 10/09/2024 Added 10/08/2024 Modified 01/30/2025 Description A vulnerability was identified in the kjd/idna library, specifically within the `idna.encode()` function, affecting version 3.6. The issue arises from the function's handling of crafted input strings, which can lead to quadratic complexity and consequently, a denial of service condition. This vulnerability is triggered by a crafted input that causes the `idna.encode()` function to process the input with considerable computational load, significantly increasing the processing time in a quadratic manner relative to the input size. Solution(s) huawei-euleros-2_0_sp12-upgrade-python3-pip References https://attackerkb.com/topics/cve-2024-3651 CVE - 2024-3651 EulerOS-SA-2024-2357