Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2025-25186

Опубликовано: 10 фев. 2025
Источник: ubuntu
Приоритет: low
EPSS Низкий
CVSS3: 6.5

Описание

Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Starting in version 0.3.2 and prior to versions 0.3.8, 0.4.19, and 0.5.6, there is a possibility for denial of service by memory exhaustion in net-imap's response parser. At any time while the client is connected, a malicious server can send can send highly compressed uid-set data which is automatically read by the client's receiver thread. The response parser uses Range#to_a to convert the uid-set data into arrays of integers, with no limitation on the expanded size of the ranges. Versions 0.3.8, 0.4.19, 0.5.6, and higher fix this issue. Additional details for proper configuration of fixed versions and backward compatibility are available in the GitHub Security Advisory.

РелизСтатусПримечание
devel

DNE

esm-infra/focal

DNE

esm-infra/xenial

not-affected

code not present
focal

DNE

jammy

DNE

noble

DNE

oracular

DNE

upstream

needs-triage

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra/bionic

not-affected

code not present
esm-infra/focal

DNE

focal

DNE

jammy

DNE

noble

DNE

oracular

DNE

upstream

needs-triage

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra/focal

not-affected

code not present
focal

not-affected

code not present
jammy

DNE

noble

DNE

oracular

DNE

upstream

needs-triage

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra/focal

DNE

focal

DNE

jammy

not-affected

code not present
noble

DNE

oracular

DNE

upstream

needs-triage

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra/focal

DNE

focal

DNE

jammy

DNE

noble

released

3.2.3-1ubuntu0.24.04.5
oracular

DNE

upstream

needs-triage

Показывать по

РелизСтатусПримечание
devel

released

3.3.7-1ubuntu2
esm-infra/focal

DNE

focal

DNE

jammy

DNE

noble

DNE

oracular

released

3.3.4-2ubuntu5.2
upstream

needs-triage

Показывать по

EPSS

Процентиль: 52%
0.00288
Низкий

6.5 Medium

CVSS3

Связанные уязвимости

CVSS3: 6.5
redhat
6 месяцев назад

Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Starting in version 0.3.2 and prior to versions 0.3.8, 0.4.19, and 0.5.6, there is a possibility for denial of service by memory exhaustion in `net-imap`'s response parser. At any time while the client is connected, a malicious server can send can send highly compressed `uid-set` data which is automatically read by the client's receiver thread. The response parser uses `Range#to_a` to convert the `uid-set` data into arrays of integers, with no limitation on the expanded size of the ranges. Versions 0.3.8, 0.4.19, 0.5.6, and higher fix this issue. Additional details for proper configuration of fixed versions and backward compatibility are available in the GitHub Security Advisory.

CVSS3: 6.5
nvd
6 месяцев назад

Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Starting in version 0.3.2 and prior to versions 0.3.8, 0.4.19, and 0.5.6, there is a possibility for denial of service by memory exhaustion in `net-imap`'s response parser. At any time while the client is connected, a malicious server can send can send highly compressed `uid-set` data which is automatically read by the client's receiver thread. The response parser uses `Range#to_a` to convert the `uid-set` data into arrays of integers, with no limitation on the expanded size of the ranges. Versions 0.3.8, 0.4.19, 0.5.6, and higher fix this issue. Additional details for proper configuration of fixed versions and backward compatibility are available in the GitHub Security Advisory.

CVSS3: 6.5
msrc
4 месяца назад

Описание отсутствует

CVSS3: 6.5
debian
6 месяцев назад

Net::IMAP implements Internet Message Access Protocol (IMAP) client fu ...

CVSS3: 6.5
github
6 месяцев назад

Possible DoS by memory exhaustion in net-imap

EPSS

Процентиль: 52%
0.00288
Низкий

6.5 Medium

CVSS3