Ruby Resolv Gem Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in the resolv gem bundled with Ruby. The library does not adequately bound the length of a domain name while decompressing it from a DNS message. Names on the wire may use compression pointers (RFC 1035, section 4.1.4) that refer back to labels earlier in the message, so a small message can encode a name whose expanded form is far longer than the 255-octet maximum the protocol allows. Because resolv placed no limit on the expanded length, parsing a crafted message that contains such a highly compressed name consumes a large amount of CPU time, leaving the thread that performs the lookup unresponsive.
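
The mechanism can be seen with a small RFC 1035 name decompressor. The code below is an added illustration, not the resolv gem's own parser: it builds a constructed message in which each name is one 63-octet label followed by a compression pointer to the previous name, so the wire cost per name is constant while the expanded name grows by one label each time. The decoder enforces the backward-pointer rule (which prevents loops) and, optionally, the 255-octet limit from RFC 1035 section 2.3.4; passing limit: nil reproduces the unbounded behaviour the advisory describes. The constants and the packet are assumptions of this example, not values taken from the advisory.

```ruby
# Added illustrative example: a minimal RFC 1035 name decompressor, not the
# resolv gem's code. Constants are the protocol limits from RFC 1035 §2.3.4;
# the message is constructed here, not captured from a real resolver.
MAX_NAME_OCTETS  = 255  # whole name in wire format, including length octets
MAX_LABEL_OCTETS = 63

class DecodeError < StandardError; end

# Builds a message body holding `depth` chained names. Name 0 is one 63-octet
# label plus the root; name i is one 63-octet label plus a compression
# pointer back to name i-1. Each entry costs 66 bytes on the wire, but name i
# expands to i+1 labels, so the last one is 64*depth octets long.
# Returns [binary data, array of name start offsets].
def build_chained_names(depth, label = "a" * MAX_LABEL_OCTETS)
  data = "".b
  offsets = []
  depth.times do |i|
    offsets << data.bytesize
    data << [label.bytesize].pack("C") << label.b
    if i.zero?
      data << "\x00".b                            # root label terminates name 0
    else
      data << [0xC000 | offsets[i - 1]].pack("n") # 11xxxxxx xxxxxxxx pointer
    end
  end
  [data, offsets]
end

# Decompresses the name starting at `index` and returns its labels.
# Pointers must go strictly backwards (as resolv also requires), which rules
# out loops but not very long expansions. `limit` bounds the expanded
# wire-format length; passing nil reproduces the unbounded behaviour.
def decode_name(data, index, limit: MAX_NAME_OCTETS)
  labels = []
  total = 1                     # the terminating root octet
  prev_index = index
  loop do
    raise DecodeError, "truncated name" if index >= data.bytesize
    byte = data.getbyte(index)
    case byte
    when 0
      return labels
    when 0xC0..0xFF             # compression pointer, 14-bit offset
      raise DecodeError, "truncated pointer" if index + 1 >= data.bytesize
      ptr = ((byte & 0x3F) << 8) | data.getbyte(index + 1)
      raise DecodeError, "non-backward name pointer" if ptr >= prev_index
      prev_index = ptr
      index = ptr
    when 1..MAX_LABEL_OCTETS    # ordinary label
      label = data.byteslice(index + 1, byte)
      raise DecodeError, "truncated label" if label.nil? || label.bytesize != byte
      total += 1 + byte
      if limit && total > limit
        raise DecodeError, "name too long (#{total} > #{limit} octets)"
      end
      labels << label
      index += 1 + byte
    else                        # 0x40..0xBF: extended label types, unsupported
      raise DecodeError, "invalid label length #{byte}"
    end
  end
end

# Decodes every name in the message and returns [labels_decoded, names_rejected].
# Without a limit the label count grows as depth*(depth+1)/2: the quadratic
# parsing cost behind the advisory. With the limit, a name is abandoned as soon
# as it passes 255 octets, so the work per name stays constant.
def decode_all(data, offsets, limit: MAX_NAME_OCTETS)
  decoded = 0
  rejected = 0
  offsets.each do |off|
    decoded += decode_name(data, off, limit: limit).size
  rescue DecodeError
    rejected += 1
  end
  [decoded, rejected]
end

if __FILE__ == $0
  data, offsets = build_chained_names(200)
  puts "message size: #{data.bytesize} bytes"
  puts "unbounded: #{decode_all(data, offsets, limit: nil).inspect}"   # [20100, 0]
  puts "bounded:   #{decode_all(data, offsets).inspect}"               # [6, 197]
end
```

With 200 chained names the message is just over 13 KB, yet the unbounded decoder visits 20,100 labels to parse it, and a message near the 64 KB TCP maximum would cost many times more. The bounded decoder rejects every name past the third, because a fourth 63-octet label pushes the expanded length to 257 octets, so the cost of parsing stays linear in the message size regardless of how the pointers are arranged.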

Impact

Exploitation leaves the application thread that parses the crafted message unresponsive, a denial-of-service condition. Reaching the vulnerable code requires the application to parse an attacker-supplied DNS message, for example a response from a nameserver the attacker controls or can spoof, so any lookup that resolv performs against untrusted infrastructure is an entry point.

Remediation

Users are advised to upgrade the resolv gem. The vulnerability affects the resolv gem bundled with the Ruby 3.2 series (resolv version 0.2.2 and earlier), the Ruby 3.3 series (resolv version 0.3.0), and the Ruby 3.4 series (resolv version 0.6.1 and earlier). Because resolv ships as a default gem, it can be updated independently of the interpreter with "gem update resolv"; afterwards run "gem list resolv" and confirm that the installed version is newer than the affected range for your Ruby series. Applications that vendor their dependencies should also check Gemfile.lock, since a pinned resolv entry overrides the version bundled with Ruby.

Added: Jul 12, 2025, 4:17 AM
Updated: Jul 12, 2025, 4:17 AM

Vulnerability Rating

Custom Algorithm
spread: 7.8
impact: 2.5
exploitability: 4.7
remediation: 7.7
relevance: 0.2
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.