A vulnerability was identified in the kjd/idna library, specifically within the `idna.encode()` function, affecting version 3.6. The issue arises from the function's handling of crafted input strings, which can lead to quadratic complexity and consequently, a denial of service condition. This vulnerability is triggered by a crafted input that causes the `idna.encode()` function to process the input with considerable computational load, significantly increasing the processing time in a quadratic manner relative to the input size.
                
            References
                    Configurations
                    History
                    15 Oct 2025, 13:15
| Type | Values Removed | Values Added | 
|---|---|---|
| CWE | CWE-1333 | 
19 Aug 2025, 19:48
| Type | Values Removed | Values Added | 
|---|---|---|
| CPE | cpe:2.3:a:kjd:internationalized_domain_names_in_applications:*:*:*:*:*:*:*:* | 
21 Nov 2024, 09:30
| Type | Values Removed | Values Added | 
|---|---|---|
| References | () https://github.com/kjd/idna/commit/1d365e17e10d72d0b7876316fc7b9ca0eebdd38d - Patch | |
| References | () https://huntr.com/bounties/93d78d07-d791-4b39-a845-cbfabc44aadb - Exploit, Patch | 
11 Jul 2024, 14:58
| Type | Values Removed | Values Added | 
|---|---|---|
| References | () https://github.com/kjd/idna/commit/1d365e17e10d72d0b7876316fc7b9ca0eebdd38d - Patch | |
| References | () https://huntr.com/bounties/93d78d07-d791-4b39-a845-cbfabc44aadb - Exploit, Patch | |
| CVSS | v2 : v3 : | v2 : unknown v3 : 7.5 | 
| CWE | NVD-CWE-noinfo | |
| CPE | cpe:2.3:a:kjd:internationalized_domain_names_in_applications:3.6:*:*:*:*:*:*:* | |
| First Time | Kjd Kjd internationalized Domain Names In Applications | 
08 Jul 2024, 15:49
| Type | Values Removed | Values Added | 
|---|---|---|
| Summary | 
 | 
07 Jul 2024, 18:15
| Type | Values Removed | Values Added | 
|---|---|---|
| New CVE | 
Information
                Published : 2024-07-07 18:15
Updated : 2025-10-15 13:15
NVD link : CVE-2024-3651
Mitre link : CVE-2024-3651
CVE.ORG link : CVE-2024-3651
JSON object : View
Products Affected
                kjd
- internationalized_domain_names_in_applications
CWE
                