Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Net::IMAP vulnerable to possible DoS by memory exhaustion
Vulnerability Description
Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Starting in version 0.3.2 and prior to versions 0.3.8, 0.4.19, and 0.5.6, there is a possibility for denial of service by memory exhaustion in `net-imap`'s response parser. At any time while the client is connected, a malicious server can send can send highly compressed `uid-set` data which is automatically read by the client's receiver thread. The response parser uses `Range#to_a` to convert the `uid-set` data into arrays of integers, with no limitation on the expanded size of the ranges. Versions 0.3.8, 0.4.19, 0.5.6, and higher fix this issue. Additional details for proper configuration of fixed versions and backward compatibility are available in the GitHub Security Advisory.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Vulnerability Type
未加控制的资源消耗(资源穷尽)
Vulnerability Title
Net::IMAP 安全漏洞
Vulnerability Description
Net::IMAP是Ruby开源的一个消息访问协议的 Ruby 客户端 api。 Net::IMAP 0.3.2版本至0.3.8之前版本、0.4.19版本和0.5.6版本存在安全漏洞,该漏洞源于响应解析器对uid-set数据的无限制转换,允许恶意服务器造成内存耗尽攻击。
CVSS Information
N/A
Vulnerability Type
N/A