Translate "CVE-2025-25186" (ko) #3493

Merged
merged 4 commits into from
Feb 11, 2025
Changes from 2 commits
30 changes: 30 additions & 0 deletions ko/news/_posts/2025-02-11-dos-net-imap-cve-2025-25186.md
@@ -0,0 +1,30 @@
---
layout: news_post
title: "CVE-2025-25186: net-imap의 DoS 취약점"
author: "nevans"
translator: "shia"
date: 2025-02-11 03:00:00 +0000
tags: security
lang: ko
---

net-imap gem에서 DoS 취약점이 발견되었습니다. 이 취약점은 CVE 번호 [CVE-2025-25186](https://www.cve.org/CVERecord?id=CVE-2025-25186)로 등록되었습니다. net-imap gem을 업그레이드하기를 추천합니다.

## 세부 내용

A malicious server can send highly compressed uid-set data which is automatically read by the client's receiver thread. The response parser uses Range#to_a to convert the uid-set data into arrays of integers, with no limitation on the expanded size of the ranges.
Member

The original is still here 😅

Member Author

fixed! 3e7ef7c

악의적인 서버가 고도로 압축된 uid-set 데이터를 보낼 수 있으며, 클라이언트의 수신 스레드는 이 데이터를 자동으로 읽습니다. 응답 파서는 uid-set 데이터를 정수 배열로 변환하기 위해 Range#to_a를 사용하며, 이때 범위의 확장 크기에 대한 제한이 없습니다.

net-imap gem을 0.3.8, 0.4.19, 또는 0.5.6으로 업데이트하세요.

## 해당 버전

* net-imap gem 0.3.2부터 0.3.8까지, 0.4.0부터 0.4.19까지, 또는 0.5.0부터 0.5.6까지

## 도움을 준 사람

이 문제를 발견해 준 [manun](https://hackerone.com/manun)에게 감사를 표합니다.

## 수정 이력

* 2025-02-11 03:00:00 (UTC) 최초 공개
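
Review bot: The affected-version list under `## 해당 버전` includes the releases that the post itself recommends as the fix. It reads "0.3.2부터 0.3.8까지, 0.4.0부터 0.4.19까지, 또는 0.5.0부터 0.5.6까지" (inclusive upper bounds), while the sentence just above it says to update to 0.3.8, 0.4.19, or 0.5.6. As written, a reader who has already upgraded to one of those versions would conclude they are still vulnerable. Please check the bounds against the English original and either make the upper bounds exclusive (for example with "미만") or name the last affected release in each series, so the range and the upgrade advice agree.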