CVE-2025-24294

ADVISORY - github

Summary

A denial of service vulnerability has been discovered in the resolv gem bundled with Ruby.

Details

The vulnerability is caused by an insufficient check on the length of a decompressed domain name within a DNS packet.

An attacker can craft a malicious DNS packet containing a highly compressed domain name. When the resolv library parses such a packet, the name decompression process consumes a large amount of CPU resources, as the library does not limit the resulting length of the name.

This resource consumption can cause the application thread to become unresponsive, resulting in a Denial of Service condition.

Affected Version

The vulnerability affects the resolv gem bundled with the following Ruby series:

Ruby 3.2 series: resolv version 0.2.2 and earlier
Ruby 3.3 series: resolv version 0.3.0
Ruby 3.4 series: resolv version 0.6.1 and earlier

Credits

Thanks to Manu for discovering this issue.

History

Originally published at 2025-07-08 07:00:00 (UTC)

EPSS Score⁠: 0.0003 (0.075)

Common Weakness Enumeration (CWE)

ADVISORY - nist

Sign in to Docker Scout

See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.