Description
The attack vector is a potential Denial of Service (DoS). The vulnerability is caused by an insufficient check on the length of a decompressed domain name within a DNS packet.

An attacker can craft a malicious DNS packet containing a highly compressed domain name. When the resolv library parses such a packet, the name decompression process consumes a large amount of CPU resources, as the library does not limit the resulting length of the name.

This resource consumption can cause the application thread to become unresponsive, resulting in a Denial of Service condition.
Published: 2025-07-12
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-21202 resolv vulnerable to DoS via insufficient DNS domain name length validation
Github GHSA Github GHSA GHSA-xh69-987w-hrp8 resolv vulnerable to DoS via insufficient DNS domain name length validation
Ubuntu USN Ubuntu USN USN-7734-1 Ruby vulnerabilities
Ubuntu USN Ubuntu USN USN-7735-1 RubyGems vulnerabilities
History

Thu, 17 Jul 2025 00:15:00 +0000

Type Values Removed Values Added
Title resolv: Denial of Service in resolv gem
References
Metrics threat_severity

None

 threat_severity

Moderate

Wed, 16 Jul 2025 14:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L'}

 cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

Wed, 16 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00018}

 epss

{'score': 0.00011}

Tue, 15 Jul 2025 14:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-400
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Sat, 12 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00018}

Sat, 12 Jul 2025 03:45:00 +0000

Type Values Removed Values Added
Description The attack vector is a potential Denial of Service (DoS). The vulnerability is caused by an insufficient check on the length of a decompressed domain name within a DNS packet. An attacker can craft a malicious DNS packet containing a highly compressed domain name. When the resolv library parses such a packet, the name decompression process consumes a large amount of CPU resources, as the library does not limit the resulting length of the name. This resource consumption can cause the application thread to become unresponsive, resulting in a Denial of Service condition.
References

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: hackerone

Published:

Updated: 2025-07-16T13:37:43.395Z

Reserved: 2025-01-17T01:00:07.458Z

Link: CVE-2025-24294

cve-icon Vulnrichment

Updated: 2025-07-15T13:49:37.529Z

cve-icon NVD

Status : Deferred

Published: 2025-07-12T04:15:46.683

Modified: 2026-04-15T00:35:42.020

Link: CVE-2025-24294

cve-icon Redhat

Severity : Moderate

Publid Date: 2025-07-12T03:30:40Z

Links: CVE-2025-24294 - Bugzilla

cve-icon OpenCVE Enrichment

No data.

Weaknesses