3 matches found
Use of Blocking Code in Single-threaded, Non-blocking Context
Overview Affected versions of this package are vulnerable to Use of Blocking Code in Single-threaded, Non-blocking Context through the OpenSSL::KDF.pbkdf2hmac function during SCRAM authentication. An attacker can cause the Ruby client VM to become unresponsive by sending a large iteration count...
PT-2026-36987
Name of the Vulnerable Software and Affected Versions net-imap affected versions not specified Description A hostile IMAP server can trigger a computational denial-of-service attack on the client process during authentication using SCRAM-SHA1 or SCRAM-SHA256. By sending an arbitrarily large PBKDF...
Memory Allocation with Excessive Size Value
Overview Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value in the ResponseReader class. An attacker can cause the application to allocate excessive memory and trigger a denial of service by including "literal" strings in responses sent to...