ruby resolv vulnerability
About this tag
The ruby resolv vulnerability tag covers CVE-2025-24294, a denial-of-service flaw in Ruby's bundled DNS resolver library, resolv. An attacker can send a crafted DNS packet with aggressively compressed domain names, causing excessive CPU and memory consumption during name decompression. The issue affects applications using vulnerable versions of the resolv library, potentially leading to thread hangs or crashes. Patches are available in Ruby's official releases. Windows users running Ruby applications that rely on resolv for DNS resolution should update promptly to mitigate the risk of remote DoS attacks.
A deceptively small bug in Ruby’s bundled DNS resolver library, resolv, can be weaponized to grind application threads to a halt: CVE-2025-24294 is a name‑decompression weakness that allows an attacker to feed a crafted DNS packet with an aggressively compressed domain name and force excessive...