18 matches found

OSV
added 2026/01/13 10:53 a.m. · 4 views

CLSA-2026-1768301582 ruby: Fix of CVE-2025-24294

CVE-2025-24294: Limit the length of a decompressed domain name to prevent DoS in resolv gem...

CVSS 7.5 · AI score 7.1 · EPSS 0.00268
Exploits: 0 · References: 1

Tenable Nessus
added 2026/01/06 12:0 a.m. · 3 views

AlmaLinux 10 : ruby (ALSA-2025:23141)

The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:23141 advisory. resolv: Denial of Service in resolv gem CVE-2025-24294 rexml: REXML denial of service CVE-2025-58767 Tenable has extracted the preceding description blo...

CVSS 7.5 · AI score 7 · EPSS 0.00268
Exploits: 0 · References: 5

OSV
added 2026/01/03 9:7 a.m. · 7 views

RLSA-2025:23141 Moderate: ruby security update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: resolv: Denial of Service in resolv gem CVE-2025-24294 rexml: REXML denial of service CVE-2025-58767 For more details about the...

CVSS 6.5 · AI score 6 · EPSS 0.00268
Exploits: 0 · References: 4

OSV
added 2026/01/03 9:5 a.m. · 5 views

RLSA-2025:23063 Moderate: ruby:3.3 security update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: resolv: Denial of Service in resolv gem CVE-2025-24294 rexml: REXML denial of service CVE-2025-58767 For more details about the...

CVSS 6.5 · AI score 6 · EPSS 0.00268
Exploits: 0 · References: 4

Tenable Nessus
added 2026/01/03 12:0 a.m. · 3 views

RockyLinux 9 : ruby:3.3 (RLSA-2025:23063)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:23063 advisory. resolv: Denial of Service in resolv gem CVE-2025-24294 rexml: REXML denial of service CVE-2025-58767 Tenable has extracted the preceding description blo...

CVSS 7.5 · AI score 7 · EPSS 0.00268
Exploits: 0 · References: 7

RedHat Linux
added 2025/12/22 4:49 p.m. · 3 views

resolv: Denial of Service in resolv gem

A denial of service flaw was found in resolv ruby gem. This flaw allows an attacker to craft a malicious DNS packet containing a highly compressed domain name. When the resolv library parses this packet, the name decompression process consumes a large amount of CPU resources, as the library does...

CVSS 7.5 · AI score 5.7 · EPSS 0.00268
Exploits: 0 · References: 5

RedHat Linux
added 2025/12/18 1:21 p.m. · 1 views

resolv: Denial of Service in resolv gem

A denial of service flaw was found in resolv ruby gem. This flaw allows an attacker to craft a malicious DNS packet containing a highly compressed domain name. When the resolv library parses this packet, the name decompression process consumes a large amount of CPU resources, as the library does...

CVSS 7.5 · AI score 5.7 · EPSS 0.00268
Exploits: 0 · References: 5

Tenable Nessus
added 2025/12/12 12:0 a.m. · 3 views

Oracle Linux 9 : ruby:3.3 (ELSA-2025-23063)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-23063 advisory. - Fix possible denial of service in resolv gem CVE-2025-24294 - Fix URI Credential Leakage Bypass previous fixes. CVE-2025-61594 Tenable has extracted...

CVSS 7.5 · AI score 7 · EPSS 0.00268
Exploits: 0 · References: 4

Tenable Nessus
added 2025/12/12 12:0 a.m. · 3 views

Oracle Linux 10 : ruby (ELSA-2025-23141)

The remote Oracle Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-23141 advisory. - Fix possible denial of service in resolv gem CVE-2025-24294 - Fix URI Credential Leakage Bypass previous fixes. CVE-2025-61594 Tenable has extracte...

CVSS 7.5 · AI score 7 · EPSS 0.00268
Exploits: 0 · References: 4

Tenable Nessus
added 2025/12/11 12:0 a.m. · 3 views

Oracle Linux 8 : ruby:3.3 (ELSA-2025-23062)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-23062 advisory. - Fix possible denial of service in resolv gem CVE-2025-24294 - Fix URI Credential Leakage Bypass previous fixes. CVE-2025-61594 Tenable has extracted...

CVSS 7.5 · AI score 7 · EPSS 0.00268
Exploits: 0 · References: 4

RedHat Linux
added 2025/12/10 6:31 p.m. · 2 views

resolv: Denial of Service in resolv gem

A denial of service flaw was found in resolv ruby gem. This flaw allows an attacker to craft a malicious DNS packet containing a highly compressed domain name. When the resolv library parses this packet, the name decompression process consumes a large amount of CPU resources, as the library does...

CVSS 7.5 · AI score 5.7 · EPSS 0.00268
Exploits: 0 · References: 5

RedHat Linux
added 2025/12/10 5:51 p.m. · 3 views

resolv: Denial of Service in resolv gem

A denial of service flaw was found in resolv ruby gem. This flaw allows an attacker to craft a malicious DNS packet containing a highly compressed domain name. When the resolv library parses this packet, the name decompression process consumes a large amount of CPU resources, as the library does...

CVSS 7.5 · AI score 5.7 · EPSS 0.00268
Exploits: 0 · References: 5

OSV
added 2025/07/15 2:37 p.m. · 3 views

GHSA-XH69-987W-HRP8 resolv vulnerable to DoS via insufficient DNS domain name length validation

A denial of service vulnerability has been discovered in the resolv gem bundled with Ruby. Details The vulnerability is caused by an insufficient check on the length of a decompressed domain name within a DNS packet. An attacker can craft a malicious DNS packet containing a highly compressed doma...

CVSS 8.7 · AI score 6 · EPSS 0.00268
Exploits: 0 · References: 5

GitHub Security Blog
added 2025/07/15 2:37 p.m. · 9 views

resolv vulnerable to DoS via insufficient DNS domain name length validation

A denial of service vulnerability has been discovered in the resolv gem bundled with Ruby. Details The vulnerability is caused by an insufficient check on the length of a decompressed domain name within a DNS packet. An attacker can craft a malicious DNS packet containing a highly compressed doma...

CVSS 7.5 · AI score 6.1 · EPSS 0.00268
Exploits: 0 · References: 5 · Affected Software: 1

UbuntuCve
added 2025/07/12 4:15 a.m. · 3 views

CVE-2025-24294

The attack vector is a potential Denial of Service DoS. The vulnerability is caused by an insufficient check on the length of a decompressed domain name within a DNS packet. An attacker can craft a malicious DNS packet containing a highly compressed domain name. When the resolv library parses suc...

CVSS 7.5 · AI score 6.7 · EPSS 0.00268
Exploits: 0 · References: 4

RubySec
added 2025/07/09 12:0 a.m. · 8 views

Possible Denial of Service in resolv gem

A denial of service vulnerability has been discovered in the resolv gem bundled with Ruby. This vulnerability has been assigned the CVE identifier CVE-2025-24294. We recommend upgrading the resolv gem. Details The vulnerability is caused by an insufficient check on the length of a decompressed...

CVSS 7.5 · AI score 6.7 · EPSS 0.00268
Exploits: 0 · References: 1 · Affected Software: 1

RubySec
added 2025/07/08 12:0 a.m. · 6 views

Possible Denial of Service in resolv gem

A denial of service vulnerability has been discovered in the resolv gem bundled with Ruby. The vulnerability is caused by an insufficient check on the length of a decompressed domain name within a DNS packet. An attacker can craft a malicious DNS packet containing a highly compressed domain name...

CVSS 7.5 · AI score 6.8 · EPSS 0.00268
Exploits: 0 · References: 1 · Affected Software: 1

Positive Technologies
added 2025/07/08 12:0 a.m. · 4 views

PT-2025-28418 · Ruby +1 · Resolve +2

Name of the Vulnerable Software and Affected Versions: Ruby affected versions not specified Description: The issue is related to a possible Denial of Service in the resolv gem. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents...

CVSS 7.5 · AI score 5.8 · EPSS 0.00268
Exploits: 0 · References: 30