CVE-2025-25186
Published: 2025-02-10
Priority: P432 · medium · CVSS 3.1 base score 6.5
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS: 0.58% (43.2nd percentile)
Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Starting in version 0.3.2 and prior to versions 0.3.8, 0.4.19, and 0.5.6, there is a possibility for denial of service by memory exhaustion in `net-imap`'s response parser. At any time while the client is connected, a malicious server can send highly compressed `uid-set` data which is automatically read by the client's receiver thread. The response parser uses `Range#to_a` to convert the `uid-set` data into arrays of integers, with no limitation on the expanded size of the ranges. Versions 0.3.8, 0.4.19, 0.5.6, and higher fix this issue. Additional details for proper configuration of fixed versions and backward compatibility are available in the GitHub Security Advisory.
Affected (10 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | ruby3.1 | < ruby3.3 3.3.8-1 (forky) | ruby3.3 3.3.8-1 (forky) |
| debian | ruby3.3 | < ruby3.3 3.3.8-1 (forky) | ruby3.3 3.3.8-1 (forky) |
| msrc | azl3_ruby_3.3.5-2_on_azure_linux_3.0 | — | — |
| msrc | azl3_ruby_3.3.5-3_on_azure_linux_3.0 | — | — |
| ruby | net-imap | — | — |
| ruby | net-imap | — | — |
| ruby | net-imap | — | — |
| ruby | net-imap | >= 0.3.2 < 0.3.8 | 0.3.8 |
| ruby | net-imap | >= 0.4.0 < 0.4.19 | 0.4.19 |
| ruby | net-imap | >= 0.5.0 < 0.5.6 | 0.5.6 |
CVSS provenance
| Source | Score | Severity | Vector |
|---|---|---|---|
| nvd (v3.1) | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
| osv | 6.5 | MEDIUM | — |
| vendor_debian | 6.5 | MEDIUM | — |
| vendor_msrc | 6.5 | MEDIUM | — |
| vendor_redhat | 6.5 | MEDIUM | — |
| vendor_ubuntu | 5.3 | MEDIUM | — |
OSV
ruby2.7, ruby3.0, ruby3.2, ruby3.3 vulnerabilities
osv·2025-04-07·CVSS 5.3
CVE-2024-35176 [MEDIUM]
It was discovered that Ruby incorrectly handled parsing of an XML document
that has specific XML characters in an attribute value using REXML gem. An
attacker could use this issue to cause Ruby to crash, resulting in a
denial of service. This issue only affected Ubuntu 22.04 LTS, Ubuntu
24.04 LTS, and Ubuntu 24.10. (CVE-2024-35176, CVE-2024-39908,
CVE-2024-41123, CVE-2024-43398)
It was discovered that Ruby incorrectly handled expanding ranges in the
net-imap response parser. If a user or automated system were tricked into
connecting to a malicious IMAP server, a remote attacker could possibly use
this issue to consume memory, leading to a denial of service. This issue
only affected Ubuntu 24.04 LTS, and Ubuntu 24.10. (CVE-2025-25186)
OSV
CVE-2025-25186: Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby
osv·2025-02-10·CVSS 6.5
CVE-2025-25186 [MEDIUM]
GHSA
Possible DoS by memory exhaustion in net-imap
ghsa·2025-02-10
CVE-2025-25186 [MEDIUM] CWE-1287
### Summary
There is a possibility for denial of service by memory exhaustion in `net-imap`'s response parser. At any time while the client is connected, a malicious server can send highly compressed `uid-set` data which is automatically read by the client's receiver thread. The response parser uses `Range#to_a` to convert the `uid-set` data into arrays of integers, with no limitation on the expanded size of the ranges.
### Details
IMAP's `uid-set` and `sequence-set` formats can compress ranges of numbers, for example: `"1,2,3,4,5"` and `"1:5"` both represent the same set. When `Net::IMAP::ResponseParser` receives `APPENDUID` or `COPYUID` response codes, it expands each `uid-set` into an array of integers. On a 64 bit system, these a
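The mitigation pattern the advisory points at, as an added example that is not the net-imap gem's own code: parse a `uid-set` into range bounds first, compute how many UIDs it denotes from those bounds, and only then materialize the array. `MAX_EXPANDED`, the function names and the exception classes are assumptions for this example.

```ruby
# Added example, not code from the net-imap gem.
# A uid-set (RFC 4315) is a comma-separated list of UIDs and "a:b" ranges,
# e.g. "1,3:5,9". Expanding "1:4294967295" with Range#to_a would try to
# allocate billions of Integers, so this parser counts the expanded size
# from the bounds before materializing anything and refuses to go above
# MAX_EXPANDED (an assumed cap, not a net-imap setting).

MAX_EXPANDED = 10_000  # assumed cap; tune for the client's needs

class UidSetTooLarge < StandardError; end
class UidSetSyntaxError < StandardError; end

# UIDs are non-zero numbers; a range is "lo:hi" (either order is allowed).
UID_RANGE = /\A([1-9]\d*)(?::([1-9]\d*))?\z/

# Parse the textual uid-set into an array of inclusive Ranges without
# expanding them. Rejects anything outside the uid-set grammar (e.g. "*").
def parse_uid_set(text)
  text.split(",", -1).map do |part|
    m = UID_RANGE.match(part) or
      raise UidSetSyntaxError, "bad uid-set element: #{part.inspect}"
    lo = Integer(m[1])
    hi = m[2] ? Integer(m[2]) : lo
    lo, hi = hi, lo if hi < lo  # "5:3" denotes 3..5
    lo..hi
  end
end

# Number of UIDs the set denotes, O(1) per range. Overlapping ranges are
# counted twice, which only errs toward rejecting, never toward accepting.
def expanded_size(ranges)
  ranges.sum { |r| r.end - r.begin + 1 }
end

# Materialize the array (what Range#to_a does) only after the bound check.
def expand_uid_set(text, max: MAX_EXPANDED)
  ranges = parse_uid_set(text)
  n = expanded_size(ranges)
  raise UidSetTooLarge, "uid-set expands to #{n} UIDs (limit #{max})" if n > max
  ranges.flat_map(&:to_a)
end
```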
OSV
Possible DoS by memory exhaustion in net-imap
osv·2025-02-10
CVE-2025-25186 [MEDIUM]
Ubuntu
Ruby vulnerabilities
vendor_ubuntu·2025-04-07·CVSS 5.3
CVE-2024-35176 [MEDIUM]
Summary: Several security issues were fixed in Ruby.
Microsoft
Net::IMAP vulnerable to possible DoS by memory exhaustion
vendor_msrc·2025-02-11·CVSS 6.5
CVE-2025-25186 [MEDIUM] CWE-400
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will update the CVE to reflect this.
Customer Action Required: Yes
Remediation: CBL-Mariner Releases
Reference: https
Red Hat
net-imap: Net::IMAP vulnerable to possible DoS by memory exhaustion
vendor_redhat·2025-02-10·CVSS 6.5
CVE-2025-25186 [MEDIUM] CWE-770
Debian
CVE-2025-25186: ruby3.1 - Net::IMAP implements Internet Message Access Protocol (IMAP) client functionalit...
vendor_debian·2025·CVSS 6.5
CVE-2025-25186 [MEDIUM]
Scope: local
bookwor
No detection rules found.
No public exploits indexed.
HackerOne
Possible DoS by memory exhaustion in net/imap
hackerone·2025-04-27·CVSS 6.5
[MEDIUM]
## Impact
This vulnerability causes denial of service by memory exhaustion for projects using net-imap.
Bugzilla
CVE-2025-25186 net-imap: Net::IMAP vulnerable to possible DoS by memory exhaustion
bugzilla·2025-02-10·CVSS 6.5
CVE-2025-25186 [MEDIUM]
References
- https://github.com/ruby/net-imap/commit/70e3ddd071a94e450b3238570af482c296380b35
- https://github.com/ruby/net-imap/commit/c8c5a643739d2669f0c9a6bb9770d0c045fd74a3
- https://github.com/ruby/net-imap/commit/cb92191b1ddce2d978d01b56a0883b6ecf0b1022
- https://github.com/ruby/net-imap/security/advisories/GHSA-7fc5-f82f-cx69