AZL-65241

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-65241.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-65241

Upstream

CVE-2025-24294

Published

2025-07-12T04:15:46Z

Modified

2026-04-01T05:20:30.576051Z

Summary

CVE-2025-24294 affecting package ruby for versions less than 3.3.5-5

Details

The attack vector is a potential Denial of Service (DoS). The vulnerability is caused by an insufficient check on the length of a decompressed domain name within a DNS packet.

An attacker can craft a malicious DNS packet containing a highly compressed domain name. When the resolv library parses such a packet, the name decompression process consumes a large amount of CPU resources, as the library does not limit the resulting length of the name.

This resource consumption can cause the application thread to become unresponsive, resulting in a Denial of Service condition.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-24294

Affected packages

Azure Linux:3 / ruby

Package

Name: ruby
Purl: pkg:rpm/azure-linux/ruby

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.3.5-5

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-65241.json"