- Description
- The attack vector is a potential Denial of Service (DoS). The vulnerability is caused by an insufficient check on the length of a decompressed domain name within a DNS packet. An attacker can craft a malicious DNS packet containing a highly compressed domain name. When the resolv library parses such a packet, the name decompression process consumes a large amount of CPU resources, as the library does not limit the resulting length of the name. This resource consumption can cause the application thread to become unresponsive, resulting in a Denial of Service condition.
- Source
- support@hackerone.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 5.3
- Impact score
- 1.4
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
- Severity
- MEDIUM
- 134c704f-9b21-4f2e-91b3-4a467353bcc0
- CWE-400
- Hype score
- Not currently trending
CVE-2025-24294 DNS Packet Decompression Vulnerability Enables Denial of Service Attack https://t.co/m3pYWquPld
@VulmonFeeds
12 Jul 2025
98 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-24294 The attack vector is a potential Denial of Service (DoS). The vulnerability is caused by an insufficient check on the length of a decompressed domain name within a DN… https://t.co/HQi0UuGLVS
@CVEnew
12 Jul 2025
293 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-24294 (resolv): Possible Denial of Service in resolv gem - RubySec https://t.co/xgfN0dMEgU
@phantmradar
12 Jul 2025
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Ruby: CVE-2025-24294: Possible Denial of Service in resolv gem https://t.co/bBnOOi15s0 #rubylang # #devtalk
@dev_talk
8 Jul 2025
14 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes