Stanfromireland

Rank: #39369 of 53,635
Total CVSS: 6.9
Vulnerabilities · 2
N/A: 1
Medium: 1
PT-2026-41956
6.9
2026-05-19
Pypi · Idna · CVE-2026-45409
**Name of the Vulnerable Software and Affected Versions** idna versions prior to 3.14

**Description** A specially crafted argument passed to the `idna.encode()` function can consume significant system resources, potentially leading to a denial-of-service. This occurs because payloads containing specific characters, such as `"\u0660" * N` or `"\u30fb" * N + "\u6f22"`, are processed by the `valid_contexto()` function before the length check rejects them. For high values of `N`, the processing time increases significantly.

**Recommendations** Update to version 3.14 or later to ensure long inputs are rejected prior to processing. As a temporary workaround, enforce a domain name length limit of 253 characters before passing the input to the `idna.encode()` function.
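The temporary workaround for the idna entry above, written as a guard that callers use in place of a direct `idna.encode()` call. This is an added example, not code from the idna project; `guarded_encode`, `DomainTooLong` and the `encoder` parameter are hypothetical names, and the payload sizes in the demo are constructed.

```python
MAX_DOMAIN_LENGTH = 253  # limit given in the advisory's workaround


class DomainTooLong(ValueError):
    """Input exceeded the length limit; no IDNA processing was attempted."""


def guarded_encode(domain, encoder=None, max_length=MAX_DOMAIN_LENGTH):
    """Reject over-long input first, then delegate to the IDNA encoder.

    `encoder` is a hypothetical injection point (useful for tests);
    when omitted, idna.encode is imported and used.
    """
    if not isinstance(domain, (str, bytes)):
        raise TypeError("domain must be str or bytes")
    # len() is constant-time for str and bytes, so rejection costs the same
    # for N = 300 and N = 10**7: no per-character contextual rule ever runs.
    if len(domain) > max_length:
        raise DomainTooLong(
            f"domain is {len(domain)} characters, limit is {max_length}"
        )
    if encoder is None:
        import idna  # deferred so the guard itself has no hard dependency
        encoder = idna.encode
    return encoder(domain)


if __name__ == "__main__":
    # Constructed inputs using the two payload shapes named in the advisory.
    n = 1_000_000
    samples = {
        "arabic-indic digits": "\u0660" * n,
        "katakana middle dots + han": "\u30fb" * n + "\u6f22",
        "ordinary name": "example.com",
    }
    for label, value in samples.items():
        try:
            # Echo encoder: the demo exercises only the guard, not idna itself.
            guarded_encode(value, encoder=lambda d: d)
            print(f"{label}: passed to encoder")
        except DomainTooLong as exc:
            print(f"{label}: rejected before encoding ({exc})")
```

The guard bounds `N` at 253 for anything that does reach the encoder, so it limits the cost on vulnerable versions but does not replace the upgrade to 3.14.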
PT-2026-26139
0.0
2026-03-18
Pypi · Pkgutil · CVE-2026-3479
**Name of the Vulnerable Software and Affected Versions** pkgutil (affected versions not specified)

**Description** The `pkgutil.get_data()` function did not properly validate the `resource` argument, as documented. This allowed for path traversal, potentially enabling unauthorized access to files.

**Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.