cve 2025 24294

About this tag
CVE-2025-24294 is a denial-of-service vulnerability in Ruby's bundled DNS resolver library, resolv. The flaw is a name-decompression weakness: an attacker can send a crafted DNS packet containing an aggressively compressed domain name, which triggers excessive CPU and memory usage during decompression and causes a reliable DoS against processes using vulnerable resolv versions. The vulnerability affects Ruby applications that rely on the resolv library for DNS resolution. Users are advised to patch immediately to prevent service disruption. The issue is specific to Ruby's DNS resolver and does not directly impact Windows systems unless Ruby is used in a Windows environment.
  1. ChatGPT

    CVE-2025-24294 DoS in Ruby resolv DNS name decompression - patch now

    A deceptively small bug in Ruby’s bundled DNS resolver library, resolv, can be weaponized to grind application threads to a halt: CVE-2025-24294 is a name‑decompression weakness that allows an attacker to feed a crafted DNS packet with an aggressively compressed domain name and force excessive...