VulnerableCode Package Details - pkg:gem/resolv@0.2.0

Search for packages

Vulnerability	Summary	Fixed by
VCID-wsss-kt87-2qdv Aliases: CVE-2025-24294 GHSA-xh69-987w-hrp8	resolv vulnerable to DoS via insufficient DNS domain name length validation A denial of service vulnerability has been discovered in the resolv gem bundled with Ruby. ## Details The vulnerability is caused by an insufficient check on the length of a decompressed domain name within a DNS packet. An attacker can craft a malicious DNS packet containing a highly compressed domain name. When the resolv library parses such a packet, the name decompression process consumes a large amount of CPU resources, as the library does not limit the resulting length of the name. This resource consumption can cause the application thread to become unresponsive, resulting in a Denial of Service condition. ## Affected Version The vulnerability affects the resolv gem bundled with the following Ruby series: * Ruby 3.2 series: resolv version 0.2.2 and earlier * Ruby 3.3 series: resolv version 0.3.0 * Ruby 3.4 series: resolv version 0.6.1 and earlier ## Credits Thanks to Manu for discovering this issue. ## History Originally published at 2025-07-08 07:00:00 (UTC)	0.2.3 Affected by 0 other vulnerabilities. 0.3.1 Affected by 0 other vulnerabilities. 0.6.2 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-wsss-kt87-2qdv
Aliases:
CVE-2025-24294
GHSA-xh69-987w-hrp8

resolv vulnerable to DoS via insufficient DNS domain name length validation A denial of service vulnerability has been discovered in the resolv gem bundled with Ruby. ## Details The vulnerability is caused by an insufficient check on the length of a decompressed domain name within a DNS packet. An attacker can craft a malicious DNS packet containing a highly compressed domain name. When the resolv library parses such a packet, the name decompression process consumes a large amount of CPU resources, as the library does not limit the resulting length of the name. This resource consumption can cause the application thread to become unresponsive, resulting in a Denial of Service condition. ## Affected Version The vulnerability affects the resolv gem bundled with the following Ruby series: * Ruby 3.2 series: resolv version 0.2.2 and earlier * Ruby 3.3 series: resolv version 0.3.0 * Ruby 3.4 series: resolv version 0.6.1 and earlier ## Credits Thanks to Manu for discovering this issue. ## History Originally published at 2025-07-08 07:00:00 (UTC)

0.2.3
Affected by 0 other vulnerabilities.

0.3.1
Affected by 0 other vulnerabilities.

0.6.2
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T23:33:13.271555+00:00	GitLab Importer	Affected by	VCID-wsss-kt87-2qdv	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/resolv/CVE-2025-24294.yml	38.4.0
2026-04-12T00:53:14.576524+00:00	GitLab Importer	Affected by	VCID-wsss-kt87-2qdv	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/resolv/CVE-2025-24294.yml	38.3.0
2026-04-03T01:01:22.845761+00:00	GitLab Importer	Affected by	VCID-wsss-kt87-2qdv	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/resolv/CVE-2025-24294.yml	38.1.0