AIX Open Source

 View Only
  • 1.  CVE-2024-3651 - idna library

    Posted Wed July 10, 2024 03:33 PM

    Hi open source team, question regarding CVE-2024-3651. Currently we don't have that package installed, however I am seeing some idna files in the Python 3.9.19 version in AIX

    /opt/freeware/lib/python3.9/encodings/idna.py

    Do these come by default in Python 3.9.19 and would this makes us vulnerable to the CVE in question?

    Thanks in advance



    ------------------------------
    Pablo Daniel Zuñiga TREJO
    ------------------------------


  • 2.  RE: CVE-2024-3651 - idna library

    Posted Fri July 12, 2024 04:25 AM
    Edited by Ayappan P Fri July 12, 2024 04:25 AM

    This CVE is affecting a separate third party python module "idna" -->  https://github.com/kjd/idna . Not related to the idna encodings that comes with main python. 



    ------------------------------
    Ayappan P
    ------------------------------



  • 3.  RE: CVE-2024-3651 - idna library

    Posted Fri July 12, 2024 12:10 PM

    Thanks for the response Ayappan!



    ------------------------------
    Pablo Daniel Zuñiga TREJO
    ------------------------------