Ruby Programming Language Net
By the Year
In 2025 there has been 1 vulnerability in Ruby Programming Language Net, with an average score of 7.5 out of ten.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2025 | 1 | 7.50 |
It may take a day or so for new Net vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Ruby Programming Language Net Security Vulnerabilities
Denial of Service via Memory Exhaustion in Net::IMAP <0.5.7
CVE-2025-43857
7.5 - High - April 28, 2025
Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.5.7, 0.4.20, 0.3.9, and 0.2.5, there is a possibility for denial of service by memory exhaustion when net-imap reads server responses. At any time while the client is connected, a malicious server can send a "literal" byte count, which is automatically read by the client's receiver thread. The response reader immediately allocates memory for the number of bytes indicated by the server response. This should not be an issue when securely connecting to trusted IMAP servers that are well-behaved. It can affect insecure connections and buggy, untrusted, or compromised servers (for example, connecting to a user-supplied hostname). This issue has been patched in versions 0.5.7, 0.4.20, 0.3.9, and 0.2.5.
Allocation of Resources Without Limits or Throttling