Description
The attack vector is a potential Denial of Service (DoS). The vulnerability is caused by an insufficient check on the length of a decompressed domain name within a DNS packet. An attacker can craft a malicious DNS packet containing a highly compressed domain name. When the resolv library parses such a packet, the name decompression process consumes a large amount of CPU resources, as the library does not limit the resulting length of the name. This resource consumption can cause the application thread to become unresponsive, resulting in a Denial of Service condition.
Product status
0.2 (custom)
0.3.0 (custom)
0.6 (custom)
References
www.ruby-lang.org/...s/2025/07/08/dos-resolv-cve-2025-24294/
www.ruby-lang.org/...s/2025/07/08/dos-resolv-cve-2025-24294/