CVE Vulnerabilities

CVE-2026-42245

Inefficient Algorithmic Complexity

Published: May 09, 2026 | Modified: Jun 17, 2026
CVSS 3.x
7.5
HIGH
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS 2.x
RedHat/V2
RedHat/V3
6.5 MODERATE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Ubuntu
MEDIUM
root.io logo minimus.io logo echo.ai logo

Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, Net::IMAP::ResponseReader has quadratic time complexity when reading large responses containing many string literals. A hostile server can send responses which are crafted to exhaust the clients CPU for a denial of service attack. This issue has been patched in versions 0.4.24, 0.5.14, and 0.6.4.

Weakness

An algorithm in a product has an inefficient worst-case computational complexity that may be detrimental to system performance and can be triggered by an attacker, typically using crafted manipulations that ensure that the worst case is being reached.

Affected Software

NameVendorStart VersionEnd Version
Net::imapRuby-lang*0.4.24 (excluding)
Net::imapRuby-lang0.5.0 (including)0.5.14 (excluding)
Net::imapRuby-lang0.6.0 (including)0.6.4 (excluding)
Red Hat Enterprise Linux 10RedHatruby4.0-0:4.0.3-35.el10_2*
Red Hat Enterprise Linux 10RedHatruby-0:3.3.10-13.el10_2*
Red Hat Enterprise Linux 10.0 Extended Update SupportRedHatruby-0:3.3.10-11.el10_0.2*
Red Hat Enterprise Linux 8RedHatruby:3.3-8100020260615131010.489197e6*
Red Hat Enterprise Linux 9RedHatruby:3.3-9080020260615131001.9*
Red Hat Enterprise Linux 9RedHatruby:4.0-9080020260619130154.9*
Red Hat Enterprise Linux 9.4 Update Services for SAP SolutionsRedHatruby:3.3-9040020260630065449.9*
Red Hat Enterprise Linux 9.6 Extended Update SupportRedHatruby:3.3-9060020260630075016.9*
Red Hat Hardened ImagesRedHatruby4-0-main-4.0.0-33.4.hum1*
Red Hat Hardened ImagesRedHatruby3-4-main-3.4.8-31.2.hum1*
Red Hat Hardened ImagesRedHatruby3-3-main-3.3.10-23.2.hum1*
JrubyUbuntuesm-apps/xenial*
JrubyUbuntuquesting*
Ruby2.3Ubuntuesm-infra/xenial*
Ruby3.3Ubuntuquesting*

References