FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2025-09-12 16:46:14 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
eed1a411-699b-11f0-91fe-000c295725e4rubygem-resolv -- Possible denial of service

Manu reports:

The vulnerability is caused by an insufficient check on the length of a decompressed domain name within a DNS packet.

An attacker can craft a malicious DNS packet containing a highly compressed domain name. When the resolv library parses such a packet, the name decompression process consumes a large amount of CPU resources, as the library does not limit the resulting length of the name.

This resource consumption can cause the application thread to become unresponsive, resulting in a Denial of Service condition.


Discovery 2025-07-08
Entry 2025-07-25
rubygem-resolv
< 0.6.2

ruby
>= 3.2.0.p1,1 lt 3.2.9,1

>= 3.3.0.p1,1 lt 3.3.9,1

>= 3.4.0.p1,1 lt 3.4.5,1

>= 3.5.0.p1,1 lt 3.5.0.p2,1

ruby32
< 3.2.9,1

ruby33
< 3.3.9,1

ruby34
< 3.4.5,1

ruby35
< 3.5.0.p2,1

CVE-2025-24294
https://www.ruby-lang.org/en/news/2025/07/08/dos-resolv-cve-2025-24294/