Copyright © 2012 Red Hat, Inc. All rights reserved. Moderate 2026-05-09T19:37:08 ruby: net-imap: Net::IMAP: Denial of Service via crafted IMAP responses 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CWE-606

A flaw was found in Net::IMAP, a Ruby library implementing the Internet Message Access Protocol (IMAP) client functionality. A hostile server can exploit a quadratic time complexity issue in the `Net::IMAP::ResponseReader` when processing large responses containing numerous string literals. This can lead to the client's CPU being exhausted, resulting in a denial of service (DoS) attack.

To reduce the risk of a denial of service, ensure that applications using the Net::IMAP library are configured to connect exclusively to trusted IMAP servers. Avoid connecting to untrusted or unverified IMAP services, as a hostile server can exploit this vulnerability. This operational control helps prevent exposure to malicious IMAP response processing. Red Hat 3scale API Management Platform 2 Fix deferred 3scale-amp21/system Red Hat 3scale API Management Platform 2 Fix deferred 3scale-amp21/zync Red Hat 3scale API Management Platform 2 Fix deferred 3scale-amp22/system Red Hat 3scale API Management Platform 2 Fix deferred 3scale-amp22/zync Red Hat 3scale API Management Platform 2 Fix deferred 3scale-amp2/system-rhel7 Red Hat 3scale API Management Platform 2 Fix deferred 3scale-amp2/system-rhel8 Red Hat 3scale API Management Platform 2 Fix deferred 3scale-amp2/system-rhel9 Red Hat 3scale API Management Platform 2 Fix deferred 3scale-amp2/zync-rhel8 Red Hat 3scale API Management Platform 2 Fix deferred 3scale-amp2/zync-rhel9 Red Hat Enterprise Linux 10 Fix deferred ruby Red Hat Enterprise Linux 10 Fix deferred ruby4.0 Red Hat Enterprise Linux 8 Fix deferred ruby:3.3/ruby Red Hat Enterprise Linux 9 Fix deferred ruby:3.3/ruby Red Hat Enterprise Linux 9 Fix deferred ruby:4.0/ruby Red Hat Hardened Images Affected ruby3.3 Red Hat Hardened Images Affected ruby3.4 Red Hat Hardened Images Affected ruby4.0 https://www.cve.org/CVERecord?id=CVE-2026-42245 https://nvd.nist.gov/vuln/detail/CVE-2026-42245 https://github.com/ruby/net-imap/commit/6091f7d6b1f3514cafbfe39c76f2b5d73de3ca96 https://github.com/ruby/net-imap/commit/88d95231fc8afef11c1f074453f7d75b68c9dfda https://github.com/ruby/net-imap/commit/de685f91a4a4cc75eb80da898c2bf8af08d34819 https://github.com/ruby/net-imap/releases/tag/v0.4.24 https://github.com/ruby/net-imap/releases/tag/v0.5.14 https://github.com/ruby/net-imap/releases/tag/v0.6.4 https://github.com/ruby/net-imap/security/advisories/GHSA-q2mw-fvj9-vvcw