18 matches found
CVE-2026-47240
Summary of CVE-2026-47240 (Net::IMAP, Ruby) : The vulnerability affects Net::IMAP’s IMAP client in Ruby, where several commands accept a “raw data” argument that is validated but could still be exploited if a server does not support non-synchronizing literals. In that case, a server may interpret...
CVE-2026-42257
A flaw was found in Net::IMAP, a Ruby library for Internet Message Access Protocol IMAP client functionality. Several Net::IMAP commands accept raw string arguments that are sent to the server without proper validation or escaping. If an application uses user-controlled input for these arguments,...
CVE-2026-42257
CVE-2026-42257 affects the Ruby Net::IMAP library where, prior to versions 0.4.24, 0.5.14, and 0.6.4, several IMAP commands accept a raw string argument sent to the server without validation or escaping. If derived from user input, this can include CRLF sequences and allow injection of arbitrary ...
Ruby net-imap < 0.4.24 / 0.5.x < 0.5.14 / 0.6.x < 0.6.4 Multiple Vulnerabilities
The version of the net-imap Ruby library installed on the remote host is prior to 0.4.24, 0.5.x prior to 0.5.14, or 0.6.x prior to 0.6.4. It is, therefore, affected by multiple vulnerabilities. - The Net::IMAP::ResponseReader component is affected by a quadratic time complexity flaw when parsing...
Amazon Linux 2023 : ruby3.2, ruby3.2-bundled-gems, ruby3.2-default-gems (ALAS2023-2025-1168)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1168 advisory. Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to versions 0.5.7, 0.4.20, 0.3.9, and 0.2.5, there is a possibility for denial of service by memory...
ruby:3.3 security update
An update is available for module.ruby, module.rubygem-abrt, module.rubygem-pg, rubygem-pg, module.rubygem-mysql2, rubygem-mysql2, rubygem-abrt, ruby. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
ALSA-2025:8131 Moderate: ruby security update
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: net-imap: Net::IMAP vulnerable to possible DoS by memory exhaustion CVE-2025-25186 CGI: Denial of Service in CGI::Cookie.parse...
The vulnerability of the Net::IMAP module in the Ruby programming language, which allows a hacker to trigger a service failure
The vulnerability of the Net::IMAP module in the Ruby programming language is related to uncontrolled memory allocation. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...
CVE-2025-43857 net-imap rubygem vulnerable to possible DoS by memory exhaustion
Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to versions 0.5.7, 0.4.20, 0.3.9, and 0.2.5, there is a possibility for denial of service by memory exhaustion when net-imap reads server responses. At any time while the client is connected, a maliciou...
GHSA-J3G3-5QV5-52MJ net-imap rubygem vulnerable to possible DoS by memory exhaustion
Summary There is a possibility for denial of service by memory exhaustion when net-imap reads server responses. At any time while the client is connected, a malicious server can send can send a "literal" byte count, which is automatically read by the client's receiver thread. The response reader...
net-imap rubygem vulnerable to possible DoS by memory exhaustion
Summary There is a possibility for denial of service by memory exhaustion when net-imap reads server responses. At any time while the client is connected, a malicious server can send can send a "literal" byte count, which is automatically read by the client's receiver thread. The response reader...
Internet Bug Bounty: Denial of Service by memory exhaustion in net/imap
A vulnerability was discovered in the net-imap library that allowed denial of service by memory exhaustion. The vulnerability was caused by the library automatically reading and allocating memory for the size of "literal" strings sent by the server, without any limit on the size. This could be...
Denial Of Service
Net::IMAP is vulnerable to Denial of Service DoS. The vulnerability is due to memory exhaustion due to the response parser's use of Rangetoa, which allows a malicious server to send highly compressed uid-set data, leading to uncontrolled memory expansion...
GHSA-7FC5-F82F-CX69 Possible DoS by memory exhaustion in net-imap
Summary There is a possibility for denial of service by memory exhaustion in net-imap's response parser. At any time while the client is connected, a malicious server can send can send highly compressed uid-set data which is automatically read by the client's receiver thread. The response parser...
CVE-2025-25186
Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Starting in version 0.3.2 and prior to versions 0.3.8, 0.4.19, and 0.5.6, there is a possibility for denial of service by memory exhaustion in net-imap's response parser. At any time while the client is...
CVE-2025-25186 Net::IMAP vulnerable to possible DoS by memory exhaustion
Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Starting in version 0.3.2 and prior to versions 0.3.8, 0.4.19, and 0.5.6, there is a possibility for denial of service by memory exhaustion in net-imap's response parser. At any time while the client is...
CVE-2025-25186 Net::IMAP vulnerable to possible DoS by memory exhaustion
Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Starting in version 0.3.2 and prior to versions 0.3.8, 0.4.19, and 0.5.6, there is a possibility for denial of service by memory exhaustion in net-imap's response parser. At any time while the client is...
PT-2025-6069
Name of the Vulnerable Software and Affected Versions Net::IMAP versions 0.3.2 through 0.3.7 Net::IMAP versions 0.4.0 through 0.4.18 Net::IMAP versions 0.5.0 through 0.5.5 Description There is a possibility for denial of service by memory exhaustion in net-imap's response parser. At any time whil...