VulnerableCode Package Details - pkg:gem/resolv@0.6.2

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-wsss-kt87-2qdv	resolv vulnerable to DoS via insufficient DNS domain name length validation A denial of service vulnerability has been discovered in the resolv gem bundled with Ruby. ## Details The vulnerability is caused by an insufficient check on the length of a decompressed domain name within a DNS packet. An attacker can craft a malicious DNS packet containing a highly compressed domain name. When the resolv library parses such a packet, the name decompression process consumes a large amount of CPU resources, as the library does not limit the resulting length of the name. This resource consumption can cause the application thread to become unresponsive, resulting in a Denial of Service condition. ## Affected Version The vulnerability affects the resolv gem bundled with the following Ruby series: * Ruby 3.2 series: resolv version 0.2.2 and earlier * Ruby 3.3 series: resolv version 0.3.0 * Ruby 3.4 series: resolv version 0.6.1 and earlier ## Credits Thanks to Manu for discovering this issue. ## History Originally published at 2025-07-08 07:00:00 (UTC)	CVE-2025-24294 GHSA-xh69-987w-hrp8

Vulnerability

Summary

Aliases

VCID-wsss-kt87-2qdv

resolv vulnerable to DoS via insufficient DNS domain name length validation A denial of service vulnerability has been discovered in the resolv gem bundled with Ruby. ## Details The vulnerability is caused by an insufficient check on the length of a decompressed domain name within a DNS packet. An attacker can craft a malicious DNS packet containing a highly compressed domain name. When the resolv library parses such a packet, the name decompression process consumes a large amount of CPU resources, as the library does not limit the resulting length of the name. This resource consumption can cause the application thread to become unresponsive, resulting in a Denial of Service condition. ## Affected Version The vulnerability affects the resolv gem bundled with the following Ruby series: * Ruby 3.2 series: resolv version 0.2.2 and earlier * Ruby 3.3 series: resolv version 0.3.0 * Ruby 3.4 series: resolv version 0.6.1 and earlier ## Credits Thanks to Manu for discovering this issue. ## History Originally published at 2025-07-08 07:00:00 (UTC)

CVE-2025-24294
GHSA-xh69-987w-hrp8

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T23:33:13.334489+00:00	GitLab Importer	Fixing	VCID-wsss-kt87-2qdv	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/resolv/CVE-2025-24294.yml	38.4.0
2026-04-12T00:53:14.640979+00:00	GitLab Importer	Fixing	VCID-wsss-kt87-2qdv	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/resolv/CVE-2025-24294.yml	38.3.0
2026-04-07T04:58:12.716577+00:00	GHSA Importer	Fixing	VCID-wsss-kt87-2qdv	https://github.com/advisories/GHSA-xh69-987w-hrp8	38.1.0
2026-04-03T01:01:22.908833+00:00	GitLab Importer	Fixing	VCID-wsss-kt87-2qdv	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/resolv/CVE-2025-24294.yml	38.1.0
2026-04-02T12:41:42.503659+00:00	GitLab Importer	Fixing	VCID-wsss-kt87-2qdv	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/resolv/CVE-2025-24294.yml	38.0.0
2026-04-01T12:56:41.604045+00:00	GithubOSV Importer	Fixing	VCID-wsss-kt87-2qdv	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/07/GHSA-xh69-987w-hrp8/GHSA-xh69-987w-hrp8.json	38.0.0