CVE-2024-12224

Improper Validation of Unsafe Equivalence in punycode by the idna crate from Servo rust-url allows an attacker to create a punycode hostname that one part of a system might treat as distinct while another part of that system would treat as equivalent to another hostname.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
UNKNOWN
---
mozillaCNA
---
---
CISA-ADPADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 18%
Debian logo
Debian Releases
Debian Product
Codename
rust-idna
bullseye
postponed
bookworm
no-dsa
trixie
1.0.3-2
fixed
sid
1.0.3-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
rust-idna
plucky
needs-triage
oracular
needs-triage
noble
needs-triage
jammy
needs-triage
focal
needs-triage
Common Weakness Enumeration
References
https://bugzilla.mozilla.org/show_bug.cgi?id=1887898
https://rustsec.org/advisories/RUSTSEC-2024-0421.html
https://bugzilla.mozilla.org/show_bug.cgi?id=1887898