CVE-2025-24294

N/A

The attack vector is a potential Denial of Service (DoS). The vulnerability is caused by an insufficient check on the length of a decompressed domain name within a DNS packet. An attacker can craft a malicious DNS packet containing a highly compressed domain name. When the resolv library parses such a packet, the name decompression process consumes a large amount of CPU resources, as the library does not limit the resulting length of the name. This resource consumption can cause the application thread to become unresponsive, resulting in a Denial of Service condition.

N/A

N/A

Ruby 安全漏洞

Ruby是松本行弘（Yukihiro Matsumoto）个人开发者的一种跨平台、面向对象的动态类型编程语言。 Ruby存在安全漏洞，该漏洞源于DNS数据包中解压缩域名长度检查不足，可能导致拒绝服务攻击。

N/A

N/A