CVE-2025-24294

Description

The attack vector is a potential Denial of Service (DoS). The vulnerability is caused by an insufficient check on the length of a decompressed domain name within a DNS packet. An attacker can craft a malicious DNS packet containing a highly compressed domain name. When the resolv library parses such a packet, the name decompression process consumes a large amount of CPU resources, as the library does not limit the resulting length of the name. This resource consumption can cause the application thread to become unresponsive, resulting in a Denial of Service condition.
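The missing limit described above can be illustrated with a name decoder that caps the expanded length. This is an added example, not resolv's own code or its patch; the `BoundedName` module, the 16-hop pointer cap and the sample buffer are assumptions constructed for illustration, while the 255-octet name limit comes from RFC 1035.

```ruby
# Added example, not resolv's own code: DNS name decoding with hard bounds.
module BoundedName
  class DecodeError < StandardError; end

  MAX_NAME_OCTETS  = 255 # RFC 1035 limit on an encoded name
  MAX_POINTER_HOPS = 16  # assumption: small arbitrary cap on pointer chains

  # Constructed sample: "example.com" at offset 0, then "www" + pointer to 0.
  SAMPLE = "\x07example\x03com\x00\x03www\xC0\x00".b

  # Returns [labels, offset_after_name]; raises DecodeError on any violation.
  def self.decode(msg, offset)
    msg = msg.b
    labels = []
    total = 1    # the terminating root label occupies one octet
    hops = 0
    resume = nil # offset just past the first pointer, where the caller continues
    loop do
      len = msg.getbyte(offset) or raise DecodeError, "truncated name"
      if (len & 0xC0) == 0xC0 # compression pointer: 14-bit offset into msg
        low = msg.getbyte(offset + 1) or raise DecodeError, "truncated pointer"
        target = ((len & 0x3F) << 8) | low
        raise DecodeError, "pointer must point backward" if target >= offset
        raise DecodeError, "too many pointer hops" if (hops += 1) > MAX_POINTER_HOPS
        resume ||= offset + 2
        offset = target
      elsif (len & 0xC0) != 0
        raise DecodeError, "reserved label type"
      elsif len.zero?
        return [labels, resume || offset + 1]
      else
        # Count expanded octets across pointer jumps, not bytes on the wire.
        total += len + 1
        raise DecodeError, "name longer than #{MAX_NAME_OCTETS} octets" if total > MAX_NAME_OCTETS
        label = msg.byteslice(offset + 1, len)
        raise DecodeError, "truncated label" if label.nil? || label.bytesize < len
        labels << label
        offset += len + 1
      end
    end
  end
end

labels, nxt = BoundedName.decode(BoundedName::SAMPLE, 13)
puts "#{labels.join('.')} (next offset #{nxt})"
```

Because the running total is checked before each label is copied, the work done per name is bounded regardless of how the labels are reached.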

CVSS: N/A
Affected: Ruby resolv

Frequently Asked Questions

What is the severity of CVE-2025-24294?
CVE-2025-24294 has not yet been assigned a CVSS score.
How to fix CVE-2025-24294?
To fix CVE-2025-24294, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As of now, no other specific guidelines are available.
Is CVE-2025-24294 being actively exploited in the wild?
As of now, there is no information to confirm that CVE-2025-24294 is being actively exploited.
What software or system is affected by CVE-2025-24294?
CVE-2025-24294 affects Ruby resolv.