Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2025-43857
Analyzed
More InfoOfficial Page
Source-security-advisories@github.com
View Known Exploited Vulnerability (KEV) details
Published At-28 Apr, 2025 | 16:15
Updated At-12 May, 2025 | 19:36

Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.5.7, 0.4.20, 0.3.9, and 0.2.5, there is a possibility for denial of service by memory exhaustion when net-imap reads server responses. At any time while the client is connected, a malicious server can send can send a "literal" byte count, which is automatically read by the client's receiver thread. The response reader immediately allocates memory for the number of bytes indicated by the server response. This should not be an issue when securely connecting to trusted IMAP servers that are well-behaved. It can affect insecure connections and buggy, untrusted, or compromised servers (for example, connecting to a user supplied hostname). This issue has been patched in versions 0.5.7, 0.4.20, 0.3.9, and 0.2.5.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.06.0MEDIUM
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CPE Matches
Ruby
ruby-lang
>>net\>>\
cpe:2.3:a:ruby-lang:net\:\:imap:*:*:*:*:*:ruby:*:*
Ruby
ruby-lang
>>net\>>\
cpe:2.3:a:ruby-lang:net\:\:imap:*:*:*:*:*:ruby:*:*
Ruby
ruby-lang
>>net\>>\
cpe:2.3:a:ruby-lang:net\:\:imap:*:*:*:*:*:ruby:*:*
Ruby
ruby-lang
>>net\>>\
cpe:2.3:a:ruby-lang:net\:\:imap:*:*:*:*:*:ruby:*:*
Weaknesses
CWE IDTypeSource
CWE-400Primarysecurity-advisories@github.com
CWE-405Primarysecurity-advisories@github.com
CWE-770Primarysecurity-advisories@github.com
CWE-789Primarysecurity-advisories@github.com
CWE-770Primarynvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/ruby/net-imap/pull/442security-advisories@github.com
Issue Tracking
Patch
https://github.com/ruby/net-imap/pull/444/commits/0ae8576c1a90bcd9573f81bdad4b4b824642d105#diff-53721cb4d9c3fb86b95cc8476ca2df90968ad8c481645220c607034399151462security-advisories@github.com
Patch
https://github.com/ruby/net-imap/pull/445security-advisories@github.com
Issue Tracking
Patch
https://github.com/ruby/net-imap/pull/446security-advisories@github.com
Issue Tracking
Patch
https://github.com/ruby/net-imap/pull/447security-advisories@github.com
Issue Tracking
Patch
https://github.com/ruby/net-imap/security/advisories/GHSA-j3g3-5qv5-52mjsecurity-advisories@github.com
Vendor Advisory
Change History
0Changes found
Details not found