Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-5zsx-353j-8kax
Summary
net-imap rubygem vulnerable to possible DoS by memory exhaustion
### Summary

There is a possibility for denial of service by memory exhaustion when `net-imap` reads server responses.  At any time while the client is connected, a malicious server can send can send a "literal" byte count, which is automatically read by the client's receiver thread.  The response reader immediately allocates memory for the number of bytes indicated by the server response.

This should not be an issue when securely connecting to trusted IMAP servers that are well-behaved.  It can affect insecure connections and buggy, untrusted, or compromised servers (for example, connecting to a user supplied hostname).

### Details

The IMAP protocol allows "literal" strings to be sent in responses, prefixed with their size in curly braces (e.g. `{1234567890}\r\n`).  When `Net::IMAP` receives a response containing a literal string, it calls `IO#read` with that size.  When called with a size, `IO#read` immediately allocates memory to buffer the entire string before processing continues.  The server does not need to send any more data.  There is no limit on the size of literals that will be accepted.

### Fix
#### Upgrade
Users should upgrade to `net-imap` 0.5.7 or later.  A configurable `max_response_size` limit has been added to `Net::IMAP`'s response reader.  The `max_response_size` limit has also been backported to `net-imap` 0.2.5, 0.3.9, and 0.4.20.

To set a global value for `max_response_size`, users must upgrade to `net-imap` ~> 0.4.20, or > 0.5.7.

#### Configuration

To avoid backward compatibility issues for secure connections to trusted well-behaved servers, the default `max_response_size` for `net-imap` 0.5.7 is _very high_ (512MiB), and the default `max_response_size` for `net-imap` ~> 0.4.20, ~> 0.3.9, and 0.2.5 is `nil` (unlimited).

When connecting to untrusted servers or using insecure connections, a much lower `max_response_size` should be used.
```ruby
# Set the global max_response_size (only ~> v0.4.20, > 0.5.7)
Net::IMAP.config.max_response_size = 256 << 10 # 256 KiB

# Set when creating the connection
imap = Net::IMAP.new(hostname, ssl: true,
                     max_response_size: 16 << 10) # 16 KiB

# Set after creating the connection
imap.max_response_size = 256 << 20 # 256 KiB
# flush currently waiting read, to ensure the new setting is loaded
imap.noop
```

_**Please Note:**_ `max_response_size` only limits the size _per response_.  It does not prevent a flood of individual responses and it does not limit how many unhandled responses may be stored on the responses hash.  Users are responsible for adding response handlers to prune excessive unhandled responses.

#### Compatibility with lower `max_response_size`

A lower `max_response_size` may cause a few commands which legitimately return very large responses to raise an exception and close the connection.  The `max_response_size` could be temporarily set to a higher value, but paginated or limited versions of commands should be used whenever possible.  For example, to fetch message bodies:

```ruby
imap.max_response_size = 256 << 20 # 256 KiB
imap.noop # flush currently waiting read

# fetch a message in 252KiB chunks
size = imap.uid_fetch(uid, "RFC822.SIZE").first.rfc822_size
limit = 252 << 10
message = ((0..size) % limit).each_with_object("") {|offset, str|
  str << imap.uid_fetch(uid, "BODY.PEEK[]<#{offset}.#{limit}>").first.message(offset:)
}

imap.max_response_size = 16 << 20 # 16 KiB
imap.noop # flush currently waiting read
```

### References

* PR to introduce max_response_size: https://github.com/ruby/net-imap/pull/444
  * Specific commit: [0ae8576c1 - lib/net/imap/response_reader.rb](https://github.com/ruby/net-imap/pull/444/commits/0ae8576c1a90bcd9573f81bdad4b4b824642d105#diff-53721cb4d9c3fb86b95cc8476ca2df90968ad8c481645220c607034399151462)
* Backport to 0.4: https://github.com/ruby/net-imap/pull/445
* Backport to 0.3: https://github.com/ruby/net-imap/pull/446
* Backport to 0.2: https://github.com/ruby/net-imap/pull/447
Aliases
0
alias CVE-2025-43857
1
alias GHSA-j3g3-5qv5-52mj
Fixed_packages
0
url pkg:apk/alpine/ruby-net-imap@0.4.22-r0?arch=aarch64&distroversion=v3.21&reponame=main
purl pkg:apk/alpine/ruby-net-imap@0.4.22-r0?arch=aarch64&distroversion=v3.21&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby-net-imap@0.4.22-r0%3Farch=aarch64&distroversion=v3.21&reponame=main
1
url pkg:apk/alpine/ruby-net-imap@0.4.22-r0?arch=ppc64le&distroversion=v3.21&reponame=main
purl pkg:apk/alpine/ruby-net-imap@0.4.22-r0?arch=ppc64le&distroversion=v3.21&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby-net-imap@0.4.22-r0%3Farch=ppc64le&distroversion=v3.21&reponame=main
2
url pkg:apk/alpine/ruby-net-imap@0.4.22-r0?arch=s390x&distroversion=v3.21&reponame=main
purl pkg:apk/alpine/ruby-net-imap@0.4.22-r0?arch=s390x&distroversion=v3.21&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby-net-imap@0.4.22-r0%3Farch=s390x&distroversion=v3.21&reponame=main
3
url pkg:apk/alpine/ruby-net-imap@0.4.22-r0?arch=armv7&distroversion=v3.21&reponame=main
purl pkg:apk/alpine/ruby-net-imap@0.4.22-r0?arch=armv7&distroversion=v3.21&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby-net-imap@0.4.22-r0%3Farch=armv7&distroversion=v3.21&reponame=main
4
url pkg:apk/alpine/ruby-net-imap@0.4.22-r0?arch=x86&distroversion=v3.21&reponame=main
purl pkg:apk/alpine/ruby-net-imap@0.4.22-r0?arch=x86&distroversion=v3.21&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby-net-imap@0.4.22-r0%3Farch=x86&distroversion=v3.21&reponame=main
5
url pkg:apk/alpine/ruby-net-imap@0.4.22-r0?arch=x86_64&distroversion=v3.20&reponame=main
purl pkg:apk/alpine/ruby-net-imap@0.4.22-r0?arch=x86_64&distroversion=v3.20&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby-net-imap@0.4.22-r0%3Farch=x86_64&distroversion=v3.20&reponame=main
6
url pkg:apk/alpine/ruby-net-imap@0.4.22-r0?arch=riscv64&distroversion=v3.21&reponame=main
purl pkg:apk/alpine/ruby-net-imap@0.4.22-r0?arch=riscv64&distroversion=v3.21&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby-net-imap@0.4.22-r0%3Farch=riscv64&distroversion=v3.21&reponame=main
7
url pkg:apk/alpine/ruby-net-imap@0.4.22-r0?arch=x86_64&distroversion=v3.21&reponame=main
purl pkg:apk/alpine/ruby-net-imap@0.4.22-r0?arch=x86_64&distroversion=v3.21&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby-net-imap@0.4.22-r0%3Farch=x86_64&distroversion=v3.21&reponame=main
8
url pkg:apk/alpine/ruby-net-imap@0.4.22-r0?arch=aarch64&distroversion=v3.20&reponame=main
purl pkg:apk/alpine/ruby-net-imap@0.4.22-r0?arch=aarch64&distroversion=v3.20&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby-net-imap@0.4.22-r0%3Farch=aarch64&distroversion=v3.20&reponame=main
9
url pkg:apk/alpine/ruby-net-imap@0.4.22-r0?arch=armv7&distroversion=v3.20&reponame=main
purl pkg:apk/alpine/ruby-net-imap@0.4.22-r0?arch=armv7&distroversion=v3.20&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby-net-imap@0.4.22-r0%3Farch=armv7&distroversion=v3.20&reponame=main
10
url pkg:apk/alpine/ruby-net-imap@0.4.22-r0?arch=riscv64&distroversion=v3.20&reponame=main
purl pkg:apk/alpine/ruby-net-imap@0.4.22-r0?arch=riscv64&distroversion=v3.20&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby-net-imap@0.4.22-r0%3Farch=riscv64&distroversion=v3.20&reponame=main
11
url pkg:apk/alpine/ruby-net-imap@0.4.22-r0?arch=armhf&distroversion=v3.21&reponame=main
purl pkg:apk/alpine/ruby-net-imap@0.4.22-r0?arch=armhf&distroversion=v3.21&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby-net-imap@0.4.22-r0%3Farch=armhf&distroversion=v3.21&reponame=main
12
url pkg:apk/alpine/ruby-net-imap@0.4.22-r0?arch=loongarch64&distroversion=v3.21&reponame=main
purl pkg:apk/alpine/ruby-net-imap@0.4.22-r0?arch=loongarch64&distroversion=v3.21&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby-net-imap@0.4.22-r0%3Farch=loongarch64&distroversion=v3.21&reponame=main
13
url pkg:apk/alpine/ruby-net-imap@0.4.22-r0?arch=armhf&distroversion=v3.20&reponame=main
purl pkg:apk/alpine/ruby-net-imap@0.4.22-r0?arch=armhf&distroversion=v3.20&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby-net-imap@0.4.22-r0%3Farch=armhf&distroversion=v3.20&reponame=main
14
url pkg:apk/alpine/ruby-net-imap@0.4.22-r0?arch=ppc64le&distroversion=v3.20&reponame=main
purl pkg:apk/alpine/ruby-net-imap@0.4.22-r0?arch=ppc64le&distroversion=v3.20&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby-net-imap@0.4.22-r0%3Farch=ppc64le&distroversion=v3.20&reponame=main
15
url pkg:apk/alpine/ruby-net-imap@0.4.22-r0?arch=s390x&distroversion=v3.20&reponame=main
purl pkg:apk/alpine/ruby-net-imap@0.4.22-r0?arch=s390x&distroversion=v3.20&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby-net-imap@0.4.22-r0%3Farch=s390x&distroversion=v3.20&reponame=main
16
url pkg:apk/alpine/ruby-net-imap@0.4.22-r0?arch=x86&distroversion=v3.20&reponame=main
purl pkg:apk/alpine/ruby-net-imap@0.4.22-r0?arch=x86&distroversion=v3.20&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby-net-imap@0.4.22-r0%3Farch=x86&distroversion=v3.20&reponame=main
17
url pkg:gem/net-imap@0.2.5
purl pkg:gem/net-imap@0.2.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5zsx-353j-8kax
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.2.5
18
url pkg:gem/net-imap@0.3.9
purl pkg:gem/net-imap@0.3.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5zsx-353j-8kax
1
vulnerability VCID-gsp4-pq1s-jkbw
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.3.9
19
url pkg:gem/net-imap@0.4.20
purl pkg:gem/net-imap@0.4.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5zsx-353j-8kax
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.4.20
20
url pkg:gem/net-imap@0.5.7
purl pkg:gem/net-imap@0.5.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5zsx-353j-8kax
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.5.7
Affected_packages
0
url pkg:gem/net-imap@0
purl pkg:gem/net-imap@0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5zsx-353j-8kax
1
vulnerability VCID-gsp4-pq1s-jkbw
2
vulnerability VCID-jwy5-uf6y-j7ae
3
vulnerability VCID-rfhh-yjxe-3fds
4
vulnerability VCID-unx7-72n1-2bd4
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0
1
url pkg:gem/net-imap@0.1.0
purl pkg:gem/net-imap@0.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5zsx-353j-8kax
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.1.0
2
url pkg:gem/net-imap@0.1.1
purl pkg:gem/net-imap@0.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5zsx-353j-8kax
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.1.1
3
url pkg:gem/net-imap@0.2.0
purl pkg:gem/net-imap@0.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5zsx-353j-8kax
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.2.0
4
url pkg:gem/net-imap@0.2.1
purl pkg:gem/net-imap@0.2.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5zsx-353j-8kax
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.2.1
5
url pkg:gem/net-imap@0.2.2
purl pkg:gem/net-imap@0.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5zsx-353j-8kax
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.2.2
6
url pkg:gem/net-imap@0.2.3
purl pkg:gem/net-imap@0.2.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5zsx-353j-8kax
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.2.3
7
url pkg:gem/net-imap@0.2.4
purl pkg:gem/net-imap@0.2.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5zsx-353j-8kax
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.2.4
8
url pkg:gem/net-imap@0.2.5
purl pkg:gem/net-imap@0.2.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5zsx-353j-8kax
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.2.5
9
url pkg:gem/net-imap@0.3
purl pkg:gem/net-imap@0.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5zsx-353j-8kax
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.3
10
url pkg:gem/net-imap@0.3.0
purl pkg:gem/net-imap@0.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5zsx-353j-8kax
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.3.0
11
url pkg:gem/net-imap@0.3.1
purl pkg:gem/net-imap@0.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5zsx-353j-8kax
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.3.1
12
url pkg:gem/net-imap@0.3.2
purl pkg:gem/net-imap@0.3.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5zsx-353j-8kax
1
vulnerability VCID-wyjh-cuuy-zbeb
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.3.2
13
url pkg:gem/net-imap@0.3.3
purl pkg:gem/net-imap@0.3.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5zsx-353j-8kax
1
vulnerability VCID-wyjh-cuuy-zbeb
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.3.3
14
url pkg:gem/net-imap@0.3.4
purl pkg:gem/net-imap@0.3.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5zsx-353j-8kax
1
vulnerability VCID-wyjh-cuuy-zbeb
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.3.4
15
url pkg:gem/net-imap@0.3.4.1
purl pkg:gem/net-imap@0.3.4.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5zsx-353j-8kax
1
vulnerability VCID-wyjh-cuuy-zbeb
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.3.4.1
16
url pkg:gem/net-imap@0.3.5
purl pkg:gem/net-imap@0.3.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5zsx-353j-8kax
1
vulnerability VCID-wyjh-cuuy-zbeb
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.3.5
17
url pkg:gem/net-imap@0.3.6
purl pkg:gem/net-imap@0.3.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5zsx-353j-8kax
1
vulnerability VCID-wyjh-cuuy-zbeb
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.3.6
18
url pkg:gem/net-imap@0.3.7
purl pkg:gem/net-imap@0.3.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5zsx-353j-8kax
1
vulnerability VCID-wyjh-cuuy-zbeb
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.3.7
19
url pkg:gem/net-imap@0.3.8
purl pkg:gem/net-imap@0.3.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5zsx-353j-8kax
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.3.8
20
url pkg:gem/net-imap@0.3.9
purl pkg:gem/net-imap@0.3.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5zsx-353j-8kax
1
vulnerability VCID-gsp4-pq1s-jkbw
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.3.9
21
url pkg:gem/net-imap@0.4.0
purl pkg:gem/net-imap@0.4.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1zvv-b8mk-fbd1
1
vulnerability VCID-5zsx-353j-8kax
2
vulnerability VCID-gsp4-pq1s-jkbw
3
vulnerability VCID-wyjh-cuuy-zbeb
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.4.0
22
url pkg:gem/net-imap@0.4
purl pkg:gem/net-imap@0.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5zsx-353j-8kax
1
vulnerability VCID-wyjh-cuuy-zbeb
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.4
23
url pkg:gem/net-imap@0.4.1
purl pkg:gem/net-imap@0.4.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5zsx-353j-8kax
1
vulnerability VCID-wyjh-cuuy-zbeb
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.4.1
24
url pkg:gem/net-imap@0.4.2
purl pkg:gem/net-imap@0.4.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5zsx-353j-8kax
1
vulnerability VCID-wyjh-cuuy-zbeb
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.4.2
25
url pkg:gem/net-imap@0.4.3
purl pkg:gem/net-imap@0.4.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5zsx-353j-8kax
1
vulnerability VCID-wyjh-cuuy-zbeb
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.4.3
26
url pkg:gem/net-imap@0.4.4
purl pkg:gem/net-imap@0.4.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5zsx-353j-8kax
1
vulnerability VCID-wyjh-cuuy-zbeb
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.4.4
27
url pkg:gem/net-imap@0.4.5
purl pkg:gem/net-imap@0.4.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5zsx-353j-8kax
1
vulnerability VCID-wyjh-cuuy-zbeb
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.4.5
28
url pkg:gem/net-imap@0.4.6
purl pkg:gem/net-imap@0.4.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5zsx-353j-8kax
1
vulnerability VCID-wyjh-cuuy-zbeb
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.4.6
29
url pkg:gem/net-imap@0.4.7
purl pkg:gem/net-imap@0.4.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5zsx-353j-8kax
1
vulnerability VCID-wyjh-cuuy-zbeb
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.4.7
30
url pkg:gem/net-imap@0.4.8
purl pkg:gem/net-imap@0.4.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5zsx-353j-8kax
1
vulnerability VCID-wyjh-cuuy-zbeb
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.4.8
31
url pkg:gem/net-imap@0.4.9
purl pkg:gem/net-imap@0.4.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5zsx-353j-8kax
1
vulnerability VCID-wyjh-cuuy-zbeb
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.4.9
32
url pkg:gem/net-imap@0.4.9.1
purl pkg:gem/net-imap@0.4.9.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5zsx-353j-8kax
1
vulnerability VCID-wyjh-cuuy-zbeb
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.4.9.1
33
url pkg:gem/net-imap@0.4.10
purl pkg:gem/net-imap@0.4.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5zsx-353j-8kax
1
vulnerability VCID-wyjh-cuuy-zbeb
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.4.10
34
url pkg:gem/net-imap@0.4.11
purl pkg:gem/net-imap@0.4.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5zsx-353j-8kax
1
vulnerability VCID-wyjh-cuuy-zbeb
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.4.11
35
url pkg:gem/net-imap@0.4.12
purl pkg:gem/net-imap@0.4.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5zsx-353j-8kax
1
vulnerability VCID-wyjh-cuuy-zbeb
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.4.12
36
url pkg:gem/net-imap@0.4.13
purl pkg:gem/net-imap@0.4.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5zsx-353j-8kax
1
vulnerability VCID-wyjh-cuuy-zbeb
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.4.13
37
url pkg:gem/net-imap@0.4.14
purl pkg:gem/net-imap@0.4.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5zsx-353j-8kax
1
vulnerability VCID-wyjh-cuuy-zbeb
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.4.14
38
url pkg:gem/net-imap@0.4.15
purl pkg:gem/net-imap@0.4.15
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5zsx-353j-8kax
1
vulnerability VCID-wyjh-cuuy-zbeb
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.4.15
39
url pkg:gem/net-imap@0.4.16
purl pkg:gem/net-imap@0.4.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5zsx-353j-8kax
1
vulnerability VCID-wyjh-cuuy-zbeb
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.4.16
40
url pkg:gem/net-imap@0.4.17
purl pkg:gem/net-imap@0.4.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5zsx-353j-8kax
1
vulnerability VCID-wyjh-cuuy-zbeb
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.4.17
41
url pkg:gem/net-imap@0.4.18
purl pkg:gem/net-imap@0.4.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5zsx-353j-8kax
1
vulnerability VCID-wyjh-cuuy-zbeb
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.4.18
42
url pkg:gem/net-imap@0.4.19
purl pkg:gem/net-imap@0.4.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5zsx-353j-8kax
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.4.19
43
url pkg:gem/net-imap@0.4.20
purl pkg:gem/net-imap@0.4.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5zsx-353j-8kax
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.4.20
44
url pkg:gem/net-imap@0.5
purl pkg:gem/net-imap@0.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5zsx-353j-8kax
1
vulnerability VCID-wyjh-cuuy-zbeb
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.5
45
url pkg:gem/net-imap@0.5.0
purl pkg:gem/net-imap@0.5.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1zvv-b8mk-fbd1
1
vulnerability VCID-5zsx-353j-8kax
2
vulnerability VCID-gsp4-pq1s-jkbw
3
vulnerability VCID-jwy5-uf6y-j7ae
4
vulnerability VCID-rfhh-yjxe-3fds
5
vulnerability VCID-unx7-72n1-2bd4
6
vulnerability VCID-wyjh-cuuy-zbeb
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.5.0
46
url pkg:gem/net-imap@0.5.1
purl pkg:gem/net-imap@0.5.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5zsx-353j-8kax
1
vulnerability VCID-wyjh-cuuy-zbeb
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.5.1
47
url pkg:gem/net-imap@0.5.2
purl pkg:gem/net-imap@0.5.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5zsx-353j-8kax
1
vulnerability VCID-wyjh-cuuy-zbeb
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.5.2
48
url pkg:gem/net-imap@0.5.3
purl pkg:gem/net-imap@0.5.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5zsx-353j-8kax
1
vulnerability VCID-wyjh-cuuy-zbeb
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.5.3
49
url pkg:gem/net-imap@0.5.4
purl pkg:gem/net-imap@0.5.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5zsx-353j-8kax
1
vulnerability VCID-wyjh-cuuy-zbeb
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.5.4
50
url pkg:gem/net-imap@0.5.5
purl pkg:gem/net-imap@0.5.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5zsx-353j-8kax
1
vulnerability VCID-wyjh-cuuy-zbeb
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.5.5
51
url pkg:gem/net-imap@0.5.6
purl pkg:gem/net-imap@0.5.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5zsx-353j-8kax
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.5.6
52
url pkg:gem/net-imap@0.5.7
purl pkg:gem/net-imap@0.5.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5zsx-353j-8kax
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.5.7
References
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-43857.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-43857.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-43857
reference_id
reference_type
scores
0
value 0.00528
scoring_system epss
scoring_elements 0.67208
published_at 2026-05-07T12:55:00Z
1
value 0.00528
scoring_system epss
scoring_elements 0.67198
published_at 2026-04-29T12:55:00Z
2
value 0.00528
scoring_system epss
scoring_elements 0.67186
published_at 2026-04-24T12:55:00Z
3
value 0.00528
scoring_system epss
scoring_elements 0.67126
published_at 2026-04-04T12:55:00Z
4
value 0.00528
scoring_system epss
scoring_elements 0.67101
published_at 2026-04-07T12:55:00Z
5
value 0.00528
scoring_system epss
scoring_elements 0.6715
published_at 2026-04-08T12:55:00Z
6
value 0.00528
scoring_system epss
scoring_elements 0.67163
published_at 2026-04-09T12:55:00Z
7
value 0.00528
scoring_system epss
scoring_elements 0.67102
published_at 2026-04-02T12:55:00Z
8
value 0.00528
scoring_system epss
scoring_elements 0.67137
published_at 2026-04-13T12:55:00Z
9
value 0.00528
scoring_system epss
scoring_elements 0.67168
published_at 2026-04-12T12:55:00Z
10
value 0.00528
scoring_system epss
scoring_elements 0.67182
published_at 2026-04-11T12:55:00Z
11
value 0.00528
scoring_system epss
scoring_elements 0.67166
published_at 2026-05-05T12:55:00Z
12
value 0.00528
scoring_system epss
scoring_elements 0.67185
published_at 2026-04-18T12:55:00Z
13
value 0.00528
scoring_system epss
scoring_elements 0.67171
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-43857
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/ruby/net-imap
reference_id
reference_type
scores
0
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ruby/net-imap
4
reference_url https://github.com/ruby/net-imap/pull/442
reference_id
reference_type
scores
0
value 6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T17:59:30Z/
url https://github.com/ruby/net-imap/pull/442
5
reference_url https://github.com/ruby/net-imap/pull/444
reference_id
reference_type
scores
0
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ruby/net-imap/pull/444
6
reference_url https://github.com/ruby/net-imap/pull/444/commits/0ae8576c1a90bcd9573f81bdad4b4b824642d105#diff-53721cb4d9c3fb86b95cc8476ca2df90968ad8c481645220c607034399151462
reference_id
reference_type
scores
0
value 6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T17:59:30Z/
url https://github.com/ruby/net-imap/pull/444/commits/0ae8576c1a90bcd9573f81bdad4b4b824642d105#diff-53721cb4d9c3fb86b95cc8476ca2df90968ad8c481645220c607034399151462
7
reference_url https://github.com/ruby/net-imap/pull/445
reference_id
reference_type
scores
0
value 6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T17:59:30Z/
url https://github.com/ruby/net-imap/pull/445
8
reference_url https://github.com/ruby/net-imap/pull/446
reference_id
reference_type
scores
0
value 6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T17:59:30Z/
url https://github.com/ruby/net-imap/pull/446
9
reference_url https://github.com/ruby/net-imap/pull/447
reference_id
reference_type
scores
0
value 6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T17:59:30Z/
url https://github.com/ruby/net-imap/pull/447
10
reference_url https://github.com/ruby/net-imap/security/advisories/GHSA-j3g3-5qv5-52mj
reference_id
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T17:59:30Z/
url https://github.com/ruby/net-imap/security/advisories/GHSA-j3g3-5qv5-52mj
11
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/net-imap/CVE-2025-43857.yml
reference_id
reference_type
scores
0
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/net-imap/CVE-2025-43857.yml
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-43857
reference_id
reference_type
scores
0
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-43857
13
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104486
reference_id 1104486
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104486
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2362749
reference_id 2362749
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2362749
15
reference_url https://github.com/advisories/GHSA-j3g3-5qv5-52mj
reference_id GHSA-j3g3-5qv5-52mj
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-j3g3-5qv5-52mj
Weaknesses
0
cwe_id 400
name Uncontrolled Resource Consumption
description The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.
1
cwe_id 405
name Asymmetric Resource Consumption (Amplification)
description The product does not properly control situations in which an adversary can cause the product to consume or produce excessive resources without requiring the adversary to invest equivalent work or otherwise prove authorization, i.e., the adversary's influence is asymmetric.
2
cwe_id 770
name Allocation of Resources Without Limits or Throttling
description The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.
3
cwe_id 789
name Memory Allocation with Excessive Size Value
description The product allocates memory based on an untrusted, large size value, but it does not ensure that the size is within expected limits, allowing arbitrary amounts of memory to be allocated.
4
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
5
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
Exploits
Severity_range_score3.1 - 6.9
Exploitability0.5
Weighted_severity6.2
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-5zsx-353j-8kax