As part of IDNA, multilingual domain names in all languages are supported by Unicode (IDNA: Internationalized Domain Names in Application) and the conversion takes place entirely on the client (web browser).Only characters, numbers, and hyphens are allowed and strings always use the “XN-” prefix.The algorithm used to convert Unicode strings to ASCII strings by encoding Unicode strings only with characters allowed in the host name.
In particular, overflow may occur due to Punycode used to process the name constraint checking function for X.509 certificate verification introduced in OpenSSL 3.0.0. This vulnerability is related to X.509 Email Address Buffer Overflow. On October 31st, new OpenSSL vulnerabilities were discovered: CVE-2022-3786 and CVE-2022-3602.