Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-24294

The attack vector is a potential Denial of Service (DoS). The vulnerability is caused by an insufficient check on the length of a decompressed domain name within a DNS packet. An attacker can craft a malicious DNS packet containing a highly compressed domain name. When the resolv library parses such a packet, the name decompression process consumes a large amount of CPU resources, as the library does not limit the resulting length of the name. This resource consumption can cause the application thread to become unresponsive, resulting in a Denial of Service condition.

Published

2025-07-12T04:15:46.683

Last Modified

2025-07-16T14:15:23.037

Status

Awaiting Analysis

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

Weaknesses

Type: Secondary
CWE-400

Affected Vendors & Products

References

https://www.ruby-lang.org/en/news/2025/07/08/dos-resolv-cve-2025-24294/ ([email protected])
https://www.ruby-lang.org/en/news/2025/07/08/dos-resolv-cve-2025-24294/ (134c704f-9b21-4f2e-91b3-4a467353bcc0)