ALPINE-CVE-2025-27219

See a problem?
Please try reporting it to the source first.
Source
https://security.alpinelinux.org/vuln/CVE-2025-27219
Import Source
https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2025-27219.json
JSON Data
https://api.osv.dev/v1/vulns/ALPINE-CVE-2025-27219
Upstream
Published
2025-03-04T00:15:31Z
Modified
2025-09-30T05:29:35.366840Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

In the CGI gem before 0.4.2 for Ruby, the CGI::Cookie.parse method in the CGI library contains a potential Denial of Service (DoS) vulnerability. The method does not impose any limit on the length of the raw cookie value it processes. This oversight can lead to excessive resource consumption when parsing extremely large cookies.

References

Affected packages

Alpine:v3.19

ruby

Package

Name
ruby
Purl
pkg:apk/alpine/ruby?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.2.8-r0

Affected versions

1.*

1.8.7_p72-r1
1.8.7_p72-r2
1.8.7_p160-r2
1.8.7_p160-r3
1.8.7_p174-r0
1.8.7_p174-r1
1.8.7_p174-r2
1.8.7_p174-r3
1.8.7_p174-r4
1.8.7_p174-r6
1.8.7_p174-r7
1.8.7_p299-r0
1.8.7_p299-r1
1.8.7_p299-r2
1.8.7_p352-r0
1.8.7_p352-r1
1.8.7_p358-r1
1.9.3_p194-r0
1.9.3_p286-r0
1.9.3_p286-r1
1.9.3_p286-r2
1.9.3_p327-r0
1.9.3_p362-r0
1.9.3_p374-r0
1.9.3_p385-r0
1.9.3_p392-r0

2.*

2.0.0_p0-r0
2.0.0_p0-r1
2.0.0_p195-r0
2.0.0_p247-r0
2.0.0_p247-r1
2.0.0_p247-r2
2.0.0_p247-r3
2.0.0_p353-r0
2.0.0_p353-r1
2.0.0_p353-r2
2.0.0_p481-r0
2.1.5-r0
2.1.5-r1
2.2.1-r0
2.2.2-r0
2.2.2-r1
2.2.3-r0
2.2.3-r1
2.2.4-r0
2.3.1-r0
2.3.1-r1
2.3.1-r2
2.3.2-r0
2.3.3-r0
2.3.3-r1
2.3.3-r2
2.3.3-r3
2.4.0-r3
2.4.1-r1
2.4.1-r2
2.4.1-r3
2.4.1-r4
2.4.1-r5
2.4.2-r0
2.4.2-r1
2.4.3-r0
2.5.0-r0
2.5.0-r1
2.5.1-r0
2.5.1-r1
2.5.1-r2
2.5.2-r0
2.5.3-r0
2.5.3-r1
2.5.3-r2
2.5.5-r0
2.6.3-r0
2.6.3-r1
2.6.3-r2
2.6.4-r0
2.6.5-r0
2.6.5-r1
2.6.5-r2
2.6.6-r2
2.6.6-r3
2.6.6-r4
2.7.1-r0
2.7.1-r1
2.7.1-r2
2.7.1-r3
2.7.1-r4
2.7.1-r5
2.7.2-r0
2.7.2-r1
2.7.2-r2
2.7.2-r3
2.7.2-r4
2.7.3-r0
2.7.3-r1
2.7.4-r0
2.7.4-r1
2.7.4-r2

3.*

3.0.2-r0
3.0.3-r0
3.1.1-r0
3.1.2-r0
3.1.2-r1
3.1.3-r0
3.1.4-r0
3.1.4-r1
3.2.2-r0
3.2.2-r1
3.2.4-r0
3.2.6-r0

ruby-net-imap

Package

Name
ruby-net-imap
Purl
pkg:apk/alpine/ruby-net-imap?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.3.9-r0

Affected versions

0.*

0.2.3-r0
0.3.4-r0
0.3.4.1-r0

Alpine:v3.20

ruby

Package

Name
ruby
Purl
pkg:apk/alpine/ruby?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.3.8-r0

Affected versions

3.*

3.3.3-r1
3.3.6-r0

ruby-net-imap

Package

Name
ruby-net-imap
Purl
pkg:apk/alpine/ruby-net-imap?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.4.19-r0

Affected versions

0.*

0.2.3-r0
0.3.4-r0
0.4.8-r0
0.4.10-r0

Alpine:v3.21

ruby

Package

Name
ruby
Purl
pkg:apk/alpine/ruby?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.3.8-r0

Affected versions

3.*

3.3.3-r1
3.3.3-r2
3.3.6-r0

ruby-net-imap

Package

Name
ruby-net-imap
Purl
pkg:apk/alpine/ruby-net-imap?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.4.19-r0

Affected versions

0.*

0.2.3-r0
0.3.4-r0
0.4.8-r0
0.4.10-r0
0.4.16-r0