Denial of Service Vulnerability in Ruby's Resolv Library
CVE-2025-24294

Currently unrated

Key Information:

Vendor: Ruby
Status: Resolv
Vendor: CVE Published:; 12 July 2025

What is CVE-2025-24294?

A vulnerability exists in the Resolv library used by Ruby, enabling attackers to exploit the system through crafted DNS packets. When these packets contain a highly compressed domain name, the parsing process incurs excessive CPU usage. This occurs because the library fails to impose proper limits on the length of decompressed names. As a result, potentially any application relying on this parsing could experience significant resource drainage, rendering it unresponsive and leading to a Denial of Service condition.

Affected Version(s)

resolv 0.2 <= 0.2.2

resolv 0.3.0

resolv 0.6 <= 0.6.1

References

https://www.ruby-lang.org/en/news/2025/07/08/dos-resolv-c...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 12, 2025
Vulnerability Reserved
Jan 17, 2025