VYPR
High severity7.5GHSA Advisory· Published Jul 12, 2025· Updated Apr 15, 2026

CVE-2025-24294

CVE-2025-24294

Description

The attack vector is a potential Denial of Service (DoS). The vulnerability is caused by an insufficient check on the length of a decompressed domain name within a DNS packet.

An attacker can craft a malicious DNS packet containing a highly compressed domain name. When the resolv library parses such a packet, the name decompression process consumes a large amount of CPU resources, as the library does not limit the resulting length of the name.

This resource consumption can cause the application thread to become unresponsive, resulting in a Denial of Service condition.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
resolvRubyGems
< 0.2.30.2.3
resolvRubyGems
>= 0.4.0, < 0.6.20.6.2
resolvRubyGems
>= 0.3.0, < 0.3.10.3.1

Affected products

55

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.