Bug 2369303 (CVE-2024-12224) - CVE-2024-12224 idna: idna accepts Punycode labels that do not produce any non-ASCII when decoded
Keywords:
Status: NEW
Alias: CVE-2024-12224
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2370556 2370558 2370562 2370565 2370569 2370572 2370573 2370576 2370577 2370581 2370582 2370584 2370585 2370588 2370590 2370592 2370595 2370596 2370603 2370557 2370559 2370560 2370561 2370563 2370564 2370566 2370567 2370568 2370570 2370571 2370574 2370575 2370578 2370579 2370580 2370583 2370586 2370587 2370589 2370591 2370593 2370594 2370597 2370598 2370599 2370600 2370601 2370602
Blocks:
Reported: 2025-05-30 02:01 UTC by OSIDB Bzimport
Modified: 2025-09-01 08:27 UTC

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:



Description OSIDB Bzimport 2025-05-30 02:01:11 UTC
Improper Validation of Unsafe Equivalence in punycode by the idna crate from Servo rust-url allows an attacker to create a punycode hostname that one part of a system might treat as distinct while another part of that system would treat as equivalent to another hostname.
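
An added example, not part of the bug report and not code from the idna crate: a validator that decodes each "xn--" label with a small RFC 3492 decoder written for this illustration and flags labels whose decoded form contains no non-ASCII, the condition named in the bug title. The names `Verdict`, `punycode_decode` and `check_label` and the sample labels are assumptions constructed for the example.

```rust
#[derive(Debug, PartialEq)]
enum Verdict { NotPunycode, Unicode(String), Malformed, AsciiOnly(String) }
// RFC 3492 bias adaptation (base 36, tmin 1, tmax 26, skew 38, damp 700).
fn adapt(delta: u32, points: u32, first: bool) -> u32 {
    let (mut d, mut k) = (if first { delta / 700 } else { delta / 2 }, 0);
    d += d / points;
    while d > 455 { d /= 35; k += 36; }
    k + 36 * d / (d + 38)
}
// Decode the text after "xn--"; None on malformed input or overflow.
fn punycode_decode(input: &str) -> Option<String> {
    let (basic, ext) = input.rsplit_once('-').filter(|(b, _)| !b.is_empty()).unwrap_or(("", input));
    if !basic.is_ascii() { return None; }
    let mut out: Vec<char> = basic.chars().collect();
    let (mut n, mut i, mut bias) = (128u32, 0u32, 72u32);
    let mut digits = ext.bytes().peekable();
    while digits.peek().is_some() {
        let (old_i, mut w) = (i, 1u32);
        for k in (36u32..).step_by(36) {
            let d = ((digits.next()? as char).to_digit(36)? + 26) % 36; // a-z = 0..25, 0-9 = 26..35
            i = i.checked_add(d.checked_mul(w)?)?;
            let t = if k <= bias { 1 } else if k >= bias + 26 { 26 } else { k - bias };
            if d < t { break; }
            w = w.checked_mul(36 - t)?;
        }
        let len = out.len() as u32 + 1;
        bias = adapt(i - old_i, len, old_i == 0);
        n = n.checked_add(i / len)?; // n starts at 128: inserted code points are never ASCII
        out.insert((i % len) as usize, char::from_u32(n)?);
        i = i % len + 1;
    }
    Some(out.into_iter().collect())
}

// AsciiOnly is the case this bug describes: an "xn--" label that hides plain ASCII.
fn check_label(label: &str) -> Verdict {
    let is_ace = label.get(..4).map_or(false, |p| p.eq_ignore_ascii_case("xn--"));
    if !is_ace { return Verdict::NotPunycode; }
    match punycode_decode(&label[4..]) {
        None => Verdict::Malformed,
        Some(s) if s.is_ascii() => Verdict::AsciiOnly(s),
        Some(s) => Verdict::Unicode(s),
    }
}

fn main() {
    let samples = ["example", "xn--bcher-kva", "xn--example-", "xn--"]; // constructed labels
    samples.iter().for_each(|l| println!("{:<14} {:?}", l, check_label(l)));
}
```

A component that compares or allow-lists hostnames can reject `AsciiOnly` and `Malformed` labels before handing the name to any IDNA library, so every part of the system sees the same set of valid names.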

