Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CWE-1322:Use of Blocking Code in Single-threaded, Non-blocking Context
Weakness ID:1322
Version:v4.17
Weakness Name:Use of Blocking Code in Single-threaded, Non-blocking Context
Vulnerability Mapping:Allowed
Abstraction:Base
Structure:Simple
Status:Incomplete
Likelihood of Exploit:
DetailsContent HistoryObserved CVE ExamplesReports
1Vulnerabilities found
CVE-2026-42256
Assigner-GitHub, Inc.
ShareView Details
Assigner-GitHub, Inc.
CVSS Score-6||MEDIUM
EPSS-0.05% / 16.07%
||
7 Day CHG~0.00%
Published-09 May, 2026 | 19:38
Updated-18 May, 2026 | 18:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
net-imap: Denial of service via high iteration count for `SCRAM-*` authentication

Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. From versions 0.4.0 to before 0.4.24, 0.5.0 to before 0.5.14, and 0.6.0 to before 0.6.4, when authenticating a connection with SCRAM-SHA1 or SCRAM-SHA256, a hostile server can perform a computational denial-of-service attack on the client process by sending a big iteration count value. This issue has been patched in versions 0.4.24, 0.5.14, and 0.6.4.

Action-Not Available
Vendor-Ruby
Product-net\net-imap
CWE ID-CWE-1322
Use of Blocking Code in Single-threaded, Non-blocking Context
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling