216.73.217.80

CVE-2026-42256

· Published 09/05/2026 20:16 · Modified 09/05/2026 20:16

Labels: CVE-2026-42256 2026-05-09CVE-2026-42256CWE-770[email protected]

Essential information

Published
09/05/2026 20:16
Modified
09/05/2026 20:16
Author
Creator
CVSS
6.0 MEDIUM (v3) 6.0 MEDIUM (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. From versions 0.4.0 to before 0.4.24, 0.5.0 to before 0.5.14, and 0.6.0 to before 0.6.4, when authenticating a connection with SCRAM-SHA1 or SCRAM-SHA256, a hostile server can perform a computational denial-of-service attack on the client process by sending a big iteration count value. This issue has been patched in versions 0.4.24, 0.5.14, and 0.6.4.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
ruby / net-imap cpe:2.3:a:ruby:net-imap:0.4.0-0.4.24:*:*:*:*:*:*:*
ruby / net-imap cpe:2.3:a:ruby:net-imap:0.5.0-0.5.14:*:*:*:*:*:*:*
ruby / net-imap cpe:2.3:a:ruby:net-imap:0.6.0-0.6.4:*:*:*:*:*:*:*

References