GHSA-XH69-987W-HRP8 resolv vulnerable to DoS via insufficient DNS domain name length validation
A denial of service vulnerability has been discovered in the resolv gem bundled with Ruby. Details: The vulnerability is caused by an insufficient check on the length of a decompressed domain name within a DNS packet. An attacker can craft a malicious DNS packet containing a highly compressed doma...
rexml: REXML ReDoS vulnerability
A flaw was found in the REXML XML toolkit for Ruby. Parsing XML data containing a large number of digits between &# and x...; in a hex numeric character reference (&#x...;) can trigger a regular expression denial of service (ReDoS) condition, leading to a denial of service...
Improper Validation of Specified Quantity in Input
Overview: resolv is a thread-aware DNS resolver library in Ruby. Affected versions of this package are vulnerable to Improper Validation of Specified Quantity in Input via the get_labels function in the resolv.rb file. An attacker can cause excessive CPU resource consumption and make the applicatio...
AZL-65202 CVE-2025-24294 affecting package ruby for versions less than 3.1.7-3
The attack vector is a potential Denial of Service (DoS). The vulnerability is caused by an insufficient check on the length of a decompressed domain name within a DNS packet. An attacker can craft a malicious DNS packet containing a highly compressed domain name. When the resolv library parses suc...
AZL-65241 CVE-2025-24294 affecting package ruby for versions less than 3.3.5-5
The attack vector is a potential Denial of Service (DoS). The vulnerability is caused by an insufficient check on the length of a decompressed domain name within a DNS packet. An attacker can craft a malicious DNS packet containing a highly compressed domain name. When the resolv library parses suc...
CVE-2025-24294
The attack vector is a potential Denial of Service (DoS). The vulnerability is caused by an insufficient check on the length of a decompressed domain name within a DNS packet. An attacker can craft a malicious DNS packet containing a highly compressed domain name. When the resolv library parses suc...
Ruby Security Vulnerability
Ruby is a cross-platform, object-oriented, dynamically typed programming language from the individual developer Yukihiro Matsumoto. A security vulnerability exists in Ruby, which stems from insufficient checking of the length of decompressed domain names in DNS packets, which could lead to a...
Ruby WEBrick read_header HTTP Request Smuggling Vulnerability
...
Azure Linux 3.0 Security Update: ruby (CVE-2024-43398)
The version of ruby installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-43398 advisory. - REXML is an XML toolkit for Ruby. The REXML gem before 3.3.6 has a DoS vulnerability when it parses an XML tha...
CBL Mariner 2.0 Security Update: ruby / rubygem-rexml (CVE-2024-43398)
The version of ruby / rubygem-rexml installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-43398 advisory. - REXML is an XML toolkit for Ruby. The REXML gem before 3.3.6 has a DoS vulnerability when it...
Azure Linux 3.0 Security Update: ruby / rubygem-webrick (CVE-2025-6442)
The version of ruby / rubygem-webrick installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-6442 advisory. - Ruby WEBrick read_header HTTP Request Smuggling Vulnerability. This vulnerability allows remot...
CBL Mariner 2.0 Security Update: ruby / rubygem-webrick (CVE-2025-6442)
The version of ruby / rubygem-webrick installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-6442 advisory. - Ruby WEBrick read_header HTTP Request Smuggling Vulnerability. This vulnerability allows remot...
CVE-2025-6442 affecting package ruby for versions less than 3.3.5-4
CVE-2025-6442 affecting package ruby for versions less than 3.3.5-4. A patched version of the package is available...
CVE-2024-43398 affecting package ruby for versions less than 3.1.7-1
CVE-2024-43398 affecting package ruby for versions less than 3.1.7-1. An upgraded version of the package is available that resolves this issue...
CVE-2024-39908 affecting package ruby for versions less than 3.1.7-1
CVE-2024-39908 affecting package ruby for versions less than 3.1.7-1. An upgraded version of the package is available that resolves this issue...
Possible Denial of Service in resolv gem
A denial of service vulnerability has been discovered in the resolv gem bundled with Ruby. This vulnerability has been assigned the CVE identifier CVE-2025-24294. We recommend upgrading the resolv gem. Details: The vulnerability is caused by an insufficient check on the length of a decompressed...
PT-2025-28418 · Ruby +1 · Resolve +2
Name of the Vulnerable Software and Affected Versions: Ruby (affected versions not specified). Description: The issue is related to a possible Denial of Service in the resolv gem. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents...
Possible Denial of Service in resolv gem
A denial of service vulnerability has been discovered in the resolv gem bundled with Ruby. The vulnerability is caused by an insufficient check on the length of a decompressed domain name within a DNS packet. An attacker can craft a malicious DNS packet containing a highly compressed domain name...
Oracle Linux 8 : ruby:3.3 (ELSA-2025-10217)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-10217 advisory. - Fix Net::IMAP vulnerable to possible DoS by memory exhaustion. CVE-2025-25186 - Fix Denial of Service in CGI::Cookie.parse. CVE-2025-27219 - Fix...
RHSA-2025:10217 Red Hat Security Advisory: ruby:3.3 security update
Bulletin has no description...