CVE-2025-27219

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-27219

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-27219.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2025-27219

Aliases

GHSA-gh9q-2xrm-x6qv

Downstream

ALPINE-CVE-2025-27219

DEBIAN-CVE-2025-27219

DLA-4082-1

ECHO-66e4-e8d1-c7e8

MINI-39rw-4457-p7w3

MINI-5gxg-72f4-6jwp

MINI-74xg-j2pp-528j

MINI-8rf2-q5jm-5h55

MINI-95rv-j253-f8mg

MINI-c3jm-49p9-5m72

MINI-f8r8-846q-v9p9

MINI-gcvh-xjcv-w237

MINI-jpfc-wfmm-5w9j

MINI-p94m-62w2-jpfp

MINI-pwmx-3r6c-9m64

MINI-wc4p-57pq-43p9

MINI-xff6-mfj2-mh8h

OESA-2025-1244

OESA-2025-1261

OESA-2025-1262

OESA-2025-1263

OESA-2025-1264

RHSA-2025:10217

RHSA-2025:4063

RHSA-2025:4487

RHSA-2025:4488

RHSA-2025:4493

RHSA-2025:8131

RLSA-2025:10217

RLSA-2025:4063

RLSA-2025:4487

RLSA-2025:4488

RLSA-2025:4493

RLSA-2025:8131

SUSE-SU-2025:1369-1

UBUNTU-CVE-2025-27219

USN-7418-1

USN-7442-1

Related

Published

2025-03-04T00:15:31.550Z

Modified

2026-02-03T07:38:49.067036Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

In the CGI gem before 0.4.2 for Ruby, the CGI::Cookie.parse method in the CGI library contains a potential Denial of Service (DoS) vulnerability. The method does not impose any limit on the length of the raw cookie value it processes. This oversight can lead to excessive resource consumption when parsing extremely large cookies.

References

Affected packages

Git / github.com/ruby/cgi

Affected ranges

Type: GIT
Repo: https://github.com/ruby/cgi
Events: Fixed

9f7e78ece68a2cab7531d5e1111ec2e4d5344ad9

Introduced

6ddd5fc7d76b43b518b51277aecfb77fb5cad9ba

Fixed

ab84b7fe6624faeba21fb52acac33ea678366e11

Affected versions

v0.*

v0.4.0

v0.4.1

v0.4.2.beta1

v0.4.2.beta2

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-27219.json"