Lucene search

14147 matches found

BDU FSTEC
added 2025/02/12 12:0 a.m., 1 views

The vulnerability of the Active Support PostgreSQL Ruby interpreter component, which allows a hacker to trigger a service failure.

The vulnerability of the Active Support PostgreSQL Ruby interpreter’s component is related to insufficient validation of data entered by users in the Inflector.underscore. Exploiting this vulnerability can allow an attacker to cause service failures remotely...

CVSS 7.8, AI score 6.2, EPSS 0.01484
Exploits: 0, References: 5, Affected Software: 4

BDU FSTEC
added 2025/02/12 12:0 a.m., 1 views

The vulnerability of the ActionDispatch component in the Ruby on Rails software framework, which allows a hacker to trigger a service failure.

The vulnerability of the ActionDispatch component in the Ruby on Rails software framework is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to cause service failures remotely...

CVSS 7.8, AI score 6.2, EPSS 0.02264
Exploits: 0, References: 5, Affected Software: 3

RedhatCVE
added 2025/02/11 5:29 p.m., 7 views

CVE-2025-25186

A flaw was found in Ruby's net-imap library. In certain versions, there is a possibility for denial of service by memory exhaustion in the net-imap response parser. At any time while the client is connected, a malicious server can send highly compressed uid-set data, which is automatically read b...

CVSS 6.5, AI score 6.9, EPSS 0.00139
Exploits: 0, References: 7

Hacker One
added 2025/02/11 8:22 a.m., 110 views

Internet Bug Bounty: Possible DoS by memory exhaustion in net/imap

The net-imap gem implemented an IMAP client in Ruby. Versions prior to 0.3.8, 0.4.19, and 0.5.6 contained a vulnerability that could lead to denial of service by memory exhaustion. The vulnerability was caused by the response parser using Range#to_a to convert uid-set data without limiting the...

CVSS 6.5, AI score 6.9, EPSS 0.00139
Exploits: 0

OSV
added 2025/02/11 12:0 a.m., 2 views

DLA-4018-2 ruby2.7 - regression update

Bulletin has no description...

AI score 7.2
Exploits: 0

OpenVAS
added 2025/02/11 12:0 a.m., 6 views

Ubuntu: Security Advisory (USN-6838-2)

The remote host is missing an update for the...

CVSS 4.5, AI score 7.4, EPSS 0.02433
Exploits: 0, References: 2

OSV
added 2025/02/10 5:54 p.m., 3 views

USN-6838-2 ruby2.3, ruby2.5 vulnerability

USN-6838-1 fixed CVE-2024-27281 in Ruby 2.7, Ruby 3.0, Ruby 3.1, and Ruby 3.2. This update provides the corresponding updates for Ruby 2.3 and Ruby 2.5. Original advisory details: It was discovered that Ruby RDoc incorrectly parsed certain YAML files. If a user or automated system were tricked in...

CVSS 4.5, AI score 7, EPSS 0.02433
Exploits: 0, References: 2

Ubuntu
added 2025/02/10 5:54 p.m., 7 views

USN-6838-2: Ruby vulnerability

USN-6838-1 fixed CVE-2024-27281 in Ruby 2.7, Ruby 3.0, Ruby 3.1, and Ruby 3.2. This update provides the corresponding updates for Ruby 2.3 and Ruby 2.5. Original advisory details: It was discovered that Ruby RDoc incorrectly parsed certain YAML files. If a user or automated system were tricked in...

CVSS 4.5, AI score 7.5, EPSS 0.02433
Exploits: 0

Wolfi
added 2025/02/10 5:42 p.m., 3 views

GHSA-7FC5-F82F-CX69 vulnerabilities

Vulnerabilities for packages: kube-fluentd-operator, ruby3.2-rails, ruby3.3-net-imap, ruby3.4-net-imap, ruby3.3-rails, ruby3.2-net-imap, logstash, ruby3.4-rails...

AI score 5.4
Exploits: 0

OSV
added 2025/02/10 4:15 p.m., 2 views

AZL-56555 CVE-2025-25186 affecting package ruby for versions less than 3.3.5-3

Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Starting in version 0.3.2 and prior to versions 0.3.8, 0.4.19, and 0.5.6, there is a possibility for denial of service by memory exhaustion in net-imap's response parser. At any time while the client is...

CVSS 6.5, AI score 6.8, EPSS 0.00139
Exploits: 0, References: 1

Wolfi
added 2025/02/10 4:15 p.m., 31 views

CVE-2025-25186 vulnerabilities

Vulnerabilities for packages: kube-fluentd-operator, ruby3.2-rails, ruby3.3-net-imap, ruby3.4-net-imap, ruby3.3-rails, ruby3.2-net-imap, logstash, ruby3.4-rails...

CVSS 6.5, AI score 6.7, EPSS 0.00139
Exploits: 0

OSV
added 2025/02/10 4:15 p.m., 1 views

DEBIAN-CVE-2025-25186

Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Starting in version 0.3.2 and prior to versions 0.3.8, 0.4.19, and 0.5.6, there is a possibility for denial of service by memory exhaustion in net-imap's response parser. At any time while the client is...

CVSS 6.5, AI score 6.6, EPSS 0.00139
Exploits: 0, References: 1

OSV
added 2025/02/10 4:15 p.m., 1 views

UBUNTU-CVE-2025-25186

Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Starting in version 0.3.2 and prior to versions 0.3.8, 0.4.19, and 0.5.6, there is a possibility for denial of service by memory exhaustion in net-imap's response parser. At any time while the client is...

CVSS 6.5, AI score 6.9, EPSS 0.00139
Exploits: 0, References: 4

Cvelist
added 2025/02/10 3:55 p.m., 14 views

CVE-2025-25186 Net::IMAP vulnerable to possible DoS by memory exhaustion

Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Starting in version 0.3.2 and prior to versions 0.3.8, 0.4.19, and 0.5.6, there is a possibility for denial of service by memory exhaustion in net-imap's response parser. At any time while the client is...

CVSS 6.5, EPSS 0.00139
Exploits: 0, References: 4

Debian CVE
added 2025/02/10 3:55 p.m., 10 views

CVE-2025-25186

Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Starting in version 0.3.2 and prior to versions 0.3.8, 0.4.19, and 0.5.6, there is a possibility for denial of service by memory exhaustion in net-imap's response parser. At any time while the client is...

CVSS 6.5, AI score 6.6, EPSS 0.00139
Exploits: 0

Vulnrichment
added 2025/02/10 3:55 p.m., 17 views

CVE-2025-25186 Net::IMAP vulnerable to possible DoS by memory exhaustion

Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Starting in version 0.3.2 and prior to versions 0.3.8, 0.4.19, and 0.5.6, there is a possibility for denial of service by memory exhaustion in net-imap's response parser. At any time while the client is...

CVSS 6.5, AI score 6.3, EPSS 0.00139
Exploits: 0, References: 4

CVE
added 2025/02/10 3:55 p.m., 310 views

CVE-2025-25186

CVE-2025-25186 concerns Net::IMAP in Ruby. The DoS arises from the IMAP response parser reading highly compressed uid-set data without limiting expansion, potentially exhausting memory while a client remains connected. Fixed in versions 0.3.8, 0.4.19, 0.5.6, and later; affected range includes 0.3...

CVSS 6.5, AI score 6.2, EPSS 0.00139
Exploits: 0, References: 4

OSV
added 2025/02/10 3:55 p.m., 9 views

CVE-2025-25186 Net::IMAP vulnerable to possible DoS by memory exhaustion

Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Starting in version 0.3.2 and prior to versions 0.3.8, 0.4.19, and 0.5.6, there is a possibility for denial of service by memory exhaustion in net-imap's response parser. At any time while the client is...

CVSS 6.5, AI score 6.9, EPSS 0.00139
Exploits: 0, References: 6

Tenable Nessus
added 2025/02/10 12:0 a.m., 8 views

Ubuntu 16.04 LTS / 18.04 LTS : Ruby vulnerability (USN-6838-2)

The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6838-2 advisory. USN-6838-1 fixed CVE-2024-27281 in Ruby 2.7, Ruby 3.0, Ruby 3.1, and Ruby 3.2. This update provides the corresponding updates for Ruby 2.3 and Ruby 2....

CVSS 4.5, AI score 6.9, EPSS 0.02433
Exploits: 0, References: 2

Tenable Nessus
added 2025/02/10 12:0 a.m., 7 views

Azure Linux 3.0 Security Update: ruby (CVE-2024-27282)

The version of ruby installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-27282 advisory. - An issue was discovered in Ruby 3.x through 3.3.0. If attacker-supplied data is provided to the Ruby regex...

CVSS 6.6, AI score 7.4, EPSS 0.00697
Exploits: 0, References: 2