290 matches found
CVE-2025-25186
Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Starting in version 0.3.2 and prior to versions 0.3.8, 0.4.19, and 0.5.6, there is a possibility for denial of service by memory exhaustion in net-imap's response parser. At any time while the client is...
CVE-2025-25186 Net::IMAP vulnerable to possible DoS by memory exhaustion
Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Starting in version 0.3.2 and prior to versions 0.3.8, 0.4.19, and 0.5.6, there is a possibility for denial of service by memory exhaustion in net-imap's response parser. At any time while the client is...
CVE-2025-25186
CVE-2025-25186 concerns Net::IMAP in Ruby. The DoS arises from the IMAP response parser reading highly compressed uid-set data without limiting expansion, potentially exhausting memory while a client remains connected. Fixed in versions 0.3.8, 0.4.19, 0.5.6, and later; affected range includes 0.3...
CVE-2025-25186 Net::IMAP vulnerable to possible DoS by memory exhaustion
Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Starting in version 0.3.2 and prior to versions 0.3.8, 0.4.19, and 0.5.6, there is a possibility for denial of service by memory exhaustion in net-imap's response parser. At any time while the client is...
CVE-2025-25186
Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Starting in version 0.3.2 and prior to versions 0.3.8, 0.4.19, and 0.5.6, there is a possibility for denial of service by memory exhaustion in net-imap's response parser. At any time while the client is...
CVE-2025-25186 Net::IMAP vulnerable to possible DoS by memory exhaustion
Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Starting in version 0.3.2 and prior to versions 0.3.8, 0.4.19, and 0.5.6, there is a possibility for denial of service by memory exhaustion in net-imap's response parser. At any time while the client is...
PT-2025-6069
Name of the Vulnerable Software and Affected Versions Net::IMAP versions 0.3.2 through 0.3.7 Net::IMAP versions 0.4.0 through 0.4.18 Net::IMAP versions 0.5.0 through 0.5.5 Description There is a possibility for denial of service by memory exhaustion in net-imap's response parser. At any time whil...
Net::IMAP 安全漏洞
Net::IMAP is a Ruby client api for the Message Access Protocol in the Ruby open source. A security vulnerability in Net::IMAP version 0.3.2 through versions prior to 0.3.8, 0.4.19, and 0.5.6, which stems from the response parser's unrestricted conversion of uid-set data, allows a malicious server...
Possible DoS by memory exhaustion in net-imap
Summary There is a possibility for denial of service by memory exhaustion in net-imap's response parser. At any time while the client is connected, a malicious server can send can send highly compressed uid-set data which is automatically read by the client's receiver thread. The response parser...
ROS-20240723-03
Vulnerability of Ruby interpreter's Net::FTP class implementation is related to flaws in service data protection using the PASV command. Exploitation of the vulnerability could allow an attacker acting remotely to gain unauthorized access to protected information. remotely, to gain unauthorized...
BIT-RUBY-2021-32066
An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. Net::IMAP does not raise an exception when StartTLS fails with an an unknown response, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between th...
CentOS 9 : ruby-3.0.2-155.el9
The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ruby-3.0.2-155.el9 build changelog. - Bundler 1.16.0 through 2.2.9 and 2.2.11 through 2.2.16 sometimes chooses a dependency source based on the highest gem version number, whic...
Rocky Linux 8 : ruby:2.5 (RLSA-2022:0672)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:0672 advisory. - In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible to execute arbitrary code via | and tags in a filename...
EulerOS Virtualization 3.0.2.2 : ruby (EulerOS-SA-2023-1292)
According to the versions of the ruby packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible to execute arbitrary code via | and...
Oracle Linux 8 : ELSA-2022-0672-1: / ruby:2.5 (ELSA-2022-06721)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-06721 advisory. - Properly fix command injection vulnerability in Rdoc. Related: CVE-2021-31799 - Fix command injection vulnerability in RDoc. Resolves: CVE-2021-3179...
ruby:2.5 security update
ruby 2.5.9-109.0.1 - Rebuild with a dependency containing fix for Orabug: 33921593 2.5.9-109 - Properly fix command injection vulnerability in Rdoc. Related: CVE-2021-31799 2.5.9-108 - Fix command injection vulnerability in RDoc. Resolves: CVE-2021-31799 - Fix StartTLS stripping vulnerability in...
Oracle Linux 8 : ruby:2.5 (ELSA-2022-0672)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-0672 advisory. - Properly fix command injection vulnerability in Rdoc. Related: CVE-2021-31799 - Fix command injection vulnerability in RDoc. Resolves: CVE-2021-31799...
Important: Red Hat Security Advisory: rh-ruby26-ruby security, bug fix, and enhancement update
An update for rh-ruby26-ruby is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerabili...
ruby:2.5 security update
ruby 2.5.9-109 - Properly fix command injection vulnerability in Rdoc. Related: CVE-2021-31799 2.5.9-108 - Fix command injection vulnerability in RDoc. Resolves: CVE-2021-31799 - Fix StartTLS stripping vulnerability in Net::IMAP Resolves: CVE-2021-32066 - Fix FTP PASV command response can cause...
Moderate: Red Hat Security Advisory: ruby:2.5 security update
An update for the ruby:2.5 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...