Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2026-42245
PUBLISHED
More InfoOfficial Page
Assigner-GitHub_M
Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa
View Known Exploited Vulnerability (KEV) details
Published At-09 May, 2026 | 19:37
Updated At-12 May, 2026 | 18:30
Rejected At-
▼CVE Numbering Authority (CNA)
net-imap: Quadratic complexity when reading response literals

Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, Net::IMAP::ResponseReader has quadratic time complexity when reading large responses containing many string literals. A hostile server can send responses which are crafted to exhaust the client's CPU for a denial of service attack. This issue has been patched in versions 0.4.24, 0.5.14, and 0.6.4.

Affected Products
Vendor
Rubyruby
Product
net-imap
Versions
Affected
  • < 0.4.24
  • >= 0.5.0, < 0.5.14
  • >= 0.6.0, < 0.6.4
Problem Types
TypeCWE IDDescription
CWECWE-407CWE-407: Inefficient Algorithmic Complexity
Type: CWE
CWE ID: CWE-407
Description: CWE-407: Inefficient Algorithmic Complexity
Metrics
VersionBase scoreBase severityVector
4.02.3LOW
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
Version: 4.0
Base score: 2.3
Base severity: LOW
Vector:
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/ruby/net-imap/security/advisories/GHSA-q2mw-fvj9-vvcw
x_refsource_CONFIRM
https://github.com/ruby/net-imap/commit/6091f7d6b1f3514cafbfe39c76f2b5d73de3ca96
x_refsource_MISC
https://github.com/ruby/net-imap/commit/88d95231fc8afef11c1f074453f7d75b68c9dfda
x_refsource_MISC
https://github.com/ruby/net-imap/commit/de685f91a4a4cc75eb80da898c2bf8af08d34819
x_refsource_MISC
https://github.com/ruby/net-imap/releases/tag/v0.4.24
x_refsource_MISC
https://github.com/ruby/net-imap/releases/tag/v0.5.14
x_refsource_MISC
https://github.com/ruby/net-imap/releases/tag/v0.6.4
x_refsource_MISC
Hyperlink: https://github.com/ruby/net-imap/security/advisories/GHSA-q2mw-fvj9-vvcw
Resource:
x_refsource_CONFIRM
Hyperlink: https://github.com/ruby/net-imap/commit/6091f7d6b1f3514cafbfe39c76f2b5d73de3ca96
Resource:
x_refsource_MISC
Hyperlink: https://github.com/ruby/net-imap/commit/88d95231fc8afef11c1f074453f7d75b68c9dfda
Resource:
x_refsource_MISC
Hyperlink: https://github.com/ruby/net-imap/commit/de685f91a4a4cc75eb80da898c2bf8af08d34819
Resource:
x_refsource_MISC
Hyperlink: https://github.com/ruby/net-imap/releases/tag/v0.4.24
Resource:
x_refsource_MISC
Hyperlink: https://github.com/ruby/net-imap/releases/tag/v0.5.14
Resource:
x_refsource_MISC
Hyperlink: https://github.com/ruby/net-imap/releases/tag/v0.6.4
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Details not found