Описание
The attack vector is a potential Denial of Service (DoS). The vulnerability is caused by an insufficient check on the length of a decompressed domain name within a DNS packet. An attacker can craft a malicious DNS packet containing a highly compressed domain name. When the resolv library parses such a packet, the name decompression process consumes a large amount of CPU resources, as the library does not limit the resulting length of the name. This resource consumption can cause the application thread to become unresponsive, resulting in a Denial of Service condition.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| ruby3.3 | unfixed | package | ||
| ruby3.3 | no-dsa | trixie | package | |
| ruby3.1 | removed | package | ||
| ruby3.1 | no-dsa | bookworm | package | |
| ruby2.7 | removed | package | ||
| ruby2.7 | postponed | bullseye | package |
Примечания
https://www.ruby-lang.org/en/news/2025/07/08/dos-resolv-cve-2025-24294/
https://github.com/ruby/resolv/commit/4c2f71b5e80826506f78417d85b38481c058fb25 (v0.6.2)
https://github.com/ruby/resolv/commit/24ed513f028d8e5c76310fcdecf07f79eb721a32 (v0.3.1)
https://github.com/ruby/resolv/commit/cde34cac9d87c37b33c19eede3ed49ac3f465a18 (v0.2.3)
EPSS
Связанные уязвимости
The attack vector is a potential Denial of Service (DoS). The vulnerability is caused by an insufficient check on the length of a decompressed domain name within a DNS packet. An attacker can craft a malicious DNS packet containing a highly compressed domain name. When the resolv library parses such a packet, the name decompression process consumes a large amount of CPU resources, as the library does not limit the resulting length of the name. This resource consumption can cause the application thread to become unresponsive, resulting in a Denial of Service condition.
The attack vector is a potential Denial of Service (DoS). The vulnerability is caused by an insufficient check on the length of a decompressed domain name within a DNS packet. An attacker can craft a malicious DNS packet containing a highly compressed domain name. When the resolv library parses such a packet, the name decompression process consumes a large amount of CPU resources, as the library does not limit the resulting length of the name. This resource consumption can cause the application thread to become unresponsive, resulting in a Denial of Service condition.
The attack vector is a potential Denial of Service (DoS). The vulnerability is caused by an insufficient check on the length of a decompressed domain name within a DNS packet. An attacker can craft a malicious DNS packet containing a highly compressed domain name. When the resolv library parses such a packet, the name decompression process consumes a large amount of CPU resources, as the library does not limit the resulting length of the name. This resource consumption can cause the application thread to become unresponsive, resulting in a Denial of Service condition.
resolv vulnerable to DoS via insufficient DNS domain name length validation
EPSS