CVE-2025-24294
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-07-12
Last updated on: 2025-07-16
Assigner: HackerOne
Description
Description
The attack vector is a potential Denial of Service (DoS). The vulnerability is caused by an insufficient check on the length of a decompressed domain name within a DNS packet.
An attacker can craft a malicious DNS packet containing a highly compressed domain name. When the resolv library parses such a packet, the name decompression process consumes a large amount of CPU resources, as the library does not limit the resulting length of the name.
This resource consumption can cause the application thread to become unresponsive, resulting in a Denial of Service condition.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ruby | resolv | 0.3.0 |
| ruby | resolv | 0.2.2 |
| ruby | resolv | 0.6.1 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-400 | The product does not properly control the allocation and maintenance of a limited resource. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me? :
The vulnerability can cause a Denial of Service (DoS) condition by making the application thread unresponsive due to excessive CPU consumption during the decompression of a malicious DNS packet.
Can you explain this vulnerability to me?
This vulnerability occurs because the resolv library does not properly limit the length of a decompressed domain name in a DNS packet. An attacker can send a specially crafted DNS packet with a highly compressed domain name that, when decompressed, consumes excessive CPU resources. This leads to the application thread becoming unresponsive.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70