Lucene search
K

5 matches found

CVE
CVE
โ€ขadded 2025/04/28 4:2 p.m.โ€ข227 views

CVE-2025-43857

Net::IMAP for Ruby is vulnerable to denial of service via memory exhaustion when processing server responses containing a literal byte count. A malicious server can trigger the clientโ€™s receiver thread to allocate memory for the indicated size, potentially exhausting memory during any active conn...

6.5CVSS7AI score0.00412EPSS
CVE
CVE
โ€ขadded 2026/05/09 7:33 p.m.โ€ข56 views

CVE-2026-42246

Net::IMAP (Ruby) versions before 0.3.10, 0.4.24, 0.5.14, and 0.6.4 are affected by a STARTTLS stripping issue. A man-in-the-middle attacker can cause Net::IMAP#starttls to report a successful TLS upgrade without actually enabling TLS, leaving the socket unencrypted. The vulnerability is mitigated...

7.6CVSS5.7AI score0.00324EPSS
CVE
CVE
โ€ขadded 2026/05/09 7:37 p.m.โ€ข49 views

CVE-2026-42245

Net::IMAP (Ruby) is affected by a performance vulnerability in Net::IMAP::ResponseReader, where reading large responses with many string literals causes quadratic time complexity. This can be exploited by a hostile server to exhaust the clientโ€™s CPU, leading to a denial of service. The issue has ...

7.5CVSS5.7AI score0.0041EPSS
CVE
CVE
โ€ขadded 2026/05/09 7:39 p.m.โ€ข31 views

CVE-2026-42257

CVE-2026-42257 affects the Ruby Net::IMAP library where, prior to versions 0.4.24, 0.5.14, and 0.6.4, several IMAP commands accept a raw string argument sent to the server without validation or escaping. If derived from user input, this can include CRLF sequences and allow injection of arbitrary ...

9.8CVSS5.8AI score0.00429EPSS
CVE
CVE
โ€ขadded 2026/05/09 7:40 p.m.โ€ข30 views

CVE-2026-42258

Net::IMAP (Ruby) is affected by CVE-2026-42258: before versions 0.4.24, 0.5.14, and 0.6.4, symbol arguments passed to IMAP commands can be used for CRLF/command injection. The IBM Aspera Shares bulletin and multiple security trackers confirm this vulnerability in Net::IMAP and note patches in 0.4...

7.1CVSS5.7AI score0.00813EPSS