Commit 5d32206

Better conform to ruby-advisory-db YAML schema
1 parent 6eee5b2 commit 5d32206

1 file changed

+18
-21
lines changed

rubies/ruby/CVE‑2025‑24294.yml

Lines changed: 18 additions & 21 deletions
@@ -1,27 +1,24 @@
1-
title: "CVE-2025-24294: DoS in resolv gem"
2-
cve: "CVE-2025-24294"
3-
date: "2025-07-08"
4-
url: "https://www.ruby-lang.org/en/news/2025/07/08/dos-resolv-cve-2025-24294/"
1+
---
2+
engine: ruby
3+
cve: 2025-24294
4+
url: https://www.ruby-lang.org/en/news/2025/07/08/dos-resolv-cve-2025-24294/
5+
title: Possible Denial of Service in resolv gem
6+
date: 2025-07-08
57
description: |
68
A denial of service vulnerability has been discovered in the `resolv` gem bundled with Ruby.
9+
710
The vulnerability is caused by an insufficient check on the length of a decompressed domain name within a DNS packet.
811
An attacker can craft a malicious DNS packet containing a highly compressed domain name. When the resolv library parses such a packet,
912
the name-decompression process consumes a large amount of CPU resources, as the library does not limit the resulting length of the name.
1013
This resource consumption can cause the application thread to become unresponsive, resulting in a Denial of Service condition.
11-
affected:
12-
- ruby: "3.2"
13-
gem: "resolv"
14-
versions: "<= 0.2.2"
15-
- ruby: "3.3"
16-
gem: "resolv"
17-
versions: "<= 0.3.0"
18-
- ruby: "3.4"
19-
gem: "resolv"
20-
versions: "<= 0.6.1"
21-
credits:
22-
- name: "Manu"
23-
source: "HackerOne"
24-
references:
25-
- url: "https://www.ruby-lang.org/en/news/2025/07/08/dos-resolv-cve-2025-24294/"
26-
- url: "https://www.cve.org/CVE-2025-24294"
27-
- url: "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/resolv/CVE-2025-24294.yml"
14+
patched_versions:
15+
- "~> 3.2.9"
16+
- "~> 3.3.9"
17+
- ">= 3.4.5"
18+
related:
19+
url:
20+
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/resolv/CVE-2025-24294.yml
21+
- https://www.cve.org/CVE-2025-24294
22+
- https://www.ruby-lang.org/en/news/2025/07/24/ruby-3-2-9-released/
23+
- https://www.ruby-lang.org/en/news/2025/07/24/ruby-3-3-9-released/
24+
- https://www.ruby-lang.org/en/news/2025/07/15/ruby-3-4-5-released/
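Review bot: the rewrite drops two facts the old file carried, the reporter credit (`- name: "Manu"` / `source: "HackerOne"`) and the per-gem affected ranges (resolv `<= 0.2.2` on Ruby 3.2, `<= 0.3.0` on 3.3, `<= 0.6.1` on 3.4), and neither reappears elsewhere in the new file. `patched_versions:` now only expresses Ruby releases (`~> 3.2.9`, `~> 3.3.9`, `>= 3.4.5`), so a reader who updates the `resolv` gem independently of the interpreter has no way to tell from this entry which gem versions are safe. If the target schema has no `credits` or `affected` key for `rubies/` entries, consider carrying the fixed resolv gem versions and the credit into the `description:` block, or at least keeping the gem-level advisory URL (already listed under `related: url:`) as the pointer for gem-level ranges and saying so in the description.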
