An issue was discovered in Ruby 4 before 4.0.5
A race condition in Ruby's getaddrinfo function can cause a use-after-free error, potentially allowing a remote attacker to crash a Ruby process or execute arbitrary code. This can happen when a DNS response is delayed near the user-specified timeout. The vulnerability can be exploited through a crafted DNS server or recursive resolver.
An issue was discovered in Ruby 4 before 4.0.5. A race condition leading to a use-after-free in the pthread-based getaddrinfo timeout handler (rb_getaddrinfo in ext/socket/raddrinfo.c) allows a remote attacker who can delay DNS responses near the user-specified timeout to crash a Ruby process that calls Addrinfo.getaddrinfo(..., timeout:) or Socket.tcp(..., resolv_timeout:). Memory-corruption-based exploitation is theoretically possible. The attack could, for example, be carried out through a crafted authoritative DNS server or recursive resolver.
Developers using Ruby 4 before 4.0.5 are at risk of remote code execution or process crashes, posing a high severity threat to their applications.
Remediation Recommended
This vulnerability carries significant risk. Schedule patching in your next cycle.
What should I do?
No Fix Known
No patch has been released yet. Apply workarounds or mitigations where available.
Affected Products
ruby-lang / ruby
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H