Bug 2362749 (CVE-2025-43857)
| Summary: | CVE-2025-43857 net-imap: net-imap rubygem vulnerable to possible DoS by memory exhaustion | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
| Component: | vulnerability | Assignee: | Product Security DevOps Team <prodsec-dev> |
| Status: | NEW --- | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | akostadi, amasferr, cbartlet, dmayorov, jcantril, jlledo, jvasik, kaycoth, mmakovy, periklis, rblanco, rojacob, tjochec, vmugicag, vondruch |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | --- | |
| Doc Text: |
A flaw was found in Net::IMAP, a Ruby library for IMAP client functionality. This vulnerability allows a malicious server to send a large "literal" byte count, causing the client to allocate excessive memory, potentially leading to denial of service (memory exhaustion). This vulnerability could allow an attacker to overload the system's memory, causing performance degradation or crashes when connecting to untrusted or compromised IMAP servers.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2362833, 2362835, 2362836 | ||
| Bug Blocks: | |||
|
Description
OSIDB Bzimport
2025-04-28 17:01:16 UTC
|