CVE-2025-24294 Information
Jul 13, 2025
cve
Description
The attack vector is a potential Denial of Service (DoS). The vulnerability is caused by an insufficient check on the length of a decompressed domain name within a DNS packet.
An attacker can craft a malicious DNS packet containing a highly compressed domain name. When the resolv library parses such a packet the name decompression process consumes a large amount of CPU resources as the library does not limit the resulting length of the name.
This resource consumption can cause the application thread to become unresponsive resulting in a Denial of Service condition.
Reference
https://www.ruby-lang.org/en/news/2025/07/08/dos-resolv-cve-2025-24294/
Related CNNVD
CNNVD-202507-1712 (Published: 2025-07-12)
Share on: