cve 2025 24294
About this tag
CVE-2025-24294 is a denial-of-service vulnerability in Ruby's bundled DNS resolver library, resolv. The flaw involves a name-decompression weakness that allows an attacker to send a crafted DNS packet with an aggressively compressed domain name. This triggers excessive CPU and memory usage during decompression, causing a reliable DoS against processes using vulnerable resolv versions. The vulnerability affects Ruby applications that rely on the resolv library for DNS resolution. Users are advised to patch immediately to prevent service disruption. The issue is specific to Ruby's DNS resolver and does not directly impact Windows systems unless Ruby is used in a Windows environment.
A deceptively small bug in Ruby’s bundled DNS resolver library, resolv, can be weaponized to grind application threads to a halt: CVE-2025-24294 is a name‑decompression weakness that allows an attacker to feed a crafted DNS packet with an aggressively compressed domain name and force excessive...