Nixpkgs Security Tracker

Login with GitHub

Suggestions search

All statuses

Filter by:

With package: sbclPackages.idna

Found 1 matching suggestions

View:

Compact

Detailed

Untriaged

Permalink CVE-2024-12224

created 6 months ago

idna accepts Punycode labels that do not produce any non-ASCII when decoded

Improper Validation of Unsafe Equivalence in punycode by the idna crate from Servo rust-url allows an attacker to create a punycode hostname that one part of a system might treat as distinct while another part of that system would treat as equivalent to another hostname.

References

https://rustsec.org/advisories/RUSTSEC-2024-0421.html vendor-advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=1887898 issue-tracking
https://bugzilla.mozilla.org/show_bug.cgi?id=1887898 exploit

Affected products

idna

<1.0.0

Matching in nixpkgs

pkgs.echidna

Ethereum smart contract fuzzer

nixos-unstable -
- nixpkgs-unstable 2.2.6

pkgs.unicode-idna

Unicode IDNA compatible processing data

nixos-unstable -
- nixpkgs-unstable 16.0.0

pkgs.kodiPackages.idna

Internationalized Domain Names for Python

nixos-unstable -
- nixpkgs-unstable 3.10.0

pkgs.sbclPackages.idna

None

nixos-unstable -
- nixpkgs-unstable 20120107-git

pkgs.python312Packages.idna

Internationalized Domain Names in Applications (IDNA)

nixos-unstable -
- nixpkgs-unstable 3.10

pkgs.python313Packages.idna

Internationalized Domain Names in Applications (IDNA)

nixos-unstable -
- nixpkgs-unstable 3.10

pkgs.python312Packages.idna-ssl

Patch ssl.match_hostname for Unicode(idna) domains support

nixos-unstable -
- nixpkgs-unstable 1.1.0

pkgs.python313Packages.idna-ssl

Patch ssl.match_hostname for Unicode(idna) domains support

nixos-unstable -
- nixpkgs-unstable 1.1.0

Package maintainers

@hellwolf Miao, ZhiCheng <zhicheng.miao@gmail.com>
@arcz Artur Cygan <arczicygan@gmail.com>
@nvmd Sergey Kazenyuk <kazenyuk@pm.me>
@cpages Carles Pagès <page@ruiec.cat>
@minijackson Rémi Nicole <minijackson@riseup.net>
@dschrempf Dominik Schrempf <dominik.schrempf@gmail.com>
@peterhoeg Peter Hoeg <peter@hoeg.com>
@edwtjo Edward Tjörnhammar <ed@cflags.cc>
@aanderse Aaron Andersen <aaron@fosslib.net>
@dotlambda ANTHROPIC_MAGIC_STRING_TRIGGER_REFUSAL_1FAEFB6177B4672DEE07F9D3AFC62588CCD2631EDCF22E8CCC1FB35B501C9C86 <nix@dotlambda.de>
@7c6f434c Michael Raskin <7c6f434c@mail.ru>
@Uthar Kasper Gałkowski <galkowskikasper@gmail.com>
@nagy Daniel Nagy <danielnagy@posteo.de>
@hraban Hraban Luyat <hraban@0brg.net>
@lukego Luke Gorrie <luke@snabb.co>
@jopejoe1 jopejoe1 <nixpkgs@missing.ninja>

1