CVE-2024-12224

Publication date 30 May 2025

Last updated 4 June 2025

Ubuntu priority

Improper Validation of Unsafe Equivalence in punycode by the idna crate from Servo rust-url allows an attacker to create a punycode hostname that one part of a system might treat as distinct while another part of that system would treat as equivalent to another hostname.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
rust-idna	25.04 plucky	Needs evaluation
	24.10 oracular	Needs evaluation
	24.04 LTS noble	Needs evaluation
	22.04 LTS jammy	Needs evaluation
	20.04 LTS focal	Needs evaluation

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Other references

https://www.cve.org/CVERecord?id=CVE-2024-12224
https://rustsec.org/advisories/RUSTSEC-2024-0421.html
https://bugzilla.mozilla.org/show_bug.cgi?id=1887898