CVE-2026-46727

Ruby 4 before 4.0.5 contains a race condition that can cause a use-after-free in the pthread-based getaddrinfo timeout handler (rb_getaddrinfo in ext/socket/raddrinfo.c). A remote attacker able to delay DNS responses near the user-specified timeout could crash a Ruby process calling Addrinfo.geta...