Denial of Service Vulnerability in Ruby's Resolv Library
CVE-2025-24294

7.5HIGH

Key Information:

Vendor: Ruby
Status: Resolv
Vendor: CVE Published:; 12 July 2025

What is CVE-2025-24294?

A vulnerability exists in the Resolv library used by Ruby, enabling attackers to exploit the system through crafted DNS packets. When these packets contain a highly compressed domain name, the parsing process incurs excessive CPU usage. This occurs because the library fails to impose proper limits on the length of decompressed names. As a result, potentially any application relying on this parsing could experience significant resource drainage, rendering it unresponsive and leading to a Denial of Service condition.

Affected Version(s)

resolv 0.2 <= 0.2.2

resolv 0.3.0

resolv 0.6 <= 0.6.1

References

https://www.ruby-lang.org/en/news/2025/07/08/dos-resolv-c...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 12, 2025
Vulnerability Reserved
Jan 17, 2025