{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-22T04:49:57.680","vulnerabilities":[{"cve":{"id":"CVE-2025-25186","sourceIdentifier":"security-advisories@github.com","published":"2025-02-10T16:15:39.457","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Starting in version 0.3.2 and prior to versions 0.3.8, 0.4.19, and 0.5.6, there is a possibility for denial of service by memory exhaustion in `net-imap`'s response parser.  At any time while the client is connected, a malicious server can send  can send highly compressed `uid-set` data which is automatically read by the client's receiver thread. The response parser uses `Range#to_a` to convert the `uid-set` data into arrays of integers, with no limitation on the expanded size of the ranges. Versions 0.3.8, 0.4.19, 0.5.6, and higher fix this issue. Additional details for proper configuration of fixed versions and backward compatibility are available in the GitHub Security Advisory."},{"lang":"es","value":"Net::IMAP implementa la funcionalidad del cliente del Protocolo de acceso a mensajes de Internet (IMAP) en Ruby. A partir de la versión 0.3.2 y antes de las versiones 0.3.8, 0.4.19 y 0.5.6, existe la posibilidad de denegación de servicio por agotamiento de la memoria en el analizador de respuestas de `net-imap`. En cualquier momento mientras el cliente esté conectado, un servidor malintencionado puede enviar datos `uid-set` altamente comprimidos que son leídos automáticamente por el hilo receptor del cliente. El analizador de respuestas utiliza `Range#to_a` para convertir los datos `uid-set` en matrices de números enteros, sin limitación en el tamaño expandido de los rangos. Las versiones 0.3.8, 0.4.19, 0.5.6 y posteriores solucionan este problema. Hay detalles adicionales para la configuración adecuada de las versiones corregidas y la compatibilidad con versiones anteriores disponibles en el Aviso de seguridad de GitHub."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-400"},{"lang":"en","value":"CWE-405"},{"lang":"en","value":"CWE-409"},{"lang":"en","value":"CWE-770"},{"lang":"en","value":"CWE-789"},{"lang":"en","value":"CWE-1287"}]}],"references":[{"url":"https://github.com/ruby/net-imap/commit/70e3ddd071a94e450b3238570af482c296380b35","source":"security-advisories@github.com"},{"url":"https://github.com/ruby/net-imap/commit/c8c5a643739d2669f0c9a6bb9770d0c045fd74a3","source":"security-advisories@github.com"},{"url":"https://github.com/ruby/net-imap/commit/cb92191b1ddce2d978d01b56a0883b6ecf0b1022","source":"security-advisories@github.com"},{"url":"https://github.com/ruby/net-imap/security/advisories/GHSA-7fc5-f82f-cx69","source":"security-advisories@github.com"}]}}]}