Skip to main content

net-imap CVE-2026-42256

MEDIUM
Allocation of Resources Without Limits or Throttling (CWE-770)
2026-05-04 https://github.com/ruby/net-imap GHSA-87pf-fpwv-p7m7
6.0
CVSS 4.0 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
6.0 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
SUSE
6.5 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Red Hat
6.5 MEDIUM
qualitative

Primary rating from GitHub Advisory.

CVSS VectorGitHub Advisory

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
P
Scope
X

Lifecycle Timeline

3
CVSS changed
May 09, 2026 - 20:22 NVD
6.0 (MEDIUM)
Source Code Evidence Fetched
May 04, 2026 - 22:31 vuln.today
Analysis Generated
May 04, 2026 - 22:31 vuln.today

DescriptionGitHub Advisory

Summary

When authenticating a connection with SCRAM-SHA1 or SCRAM-SHA256, a hostile server can perform a computational denial-of-service attack on the client process by sending a big iteration count value.

Details

A hostile IMAP server can send an arbitrarily large PBKDF2 iteration count in the SCRAM server-first-message, causing the client to perform an expensive OpenSSL::KDF.pbkdf2_hmac call. Because the PBKDF2 function is a blocking C extension and holds onto Ruby’s Global VM Lock, it can freeze the entire Ruby VM for the duration of the computation.

OpenSSL enforces an effective maximum by using a 32-bit signed integer for the iteration count, Depending on hardware capabilities and OpenSSL version, this iteration count may be sufficient for to block all Ruby threads in the process for over seven minutes.

This is listed as one of the "Security Considerations", in RFC 7804: > A hostile server can perform a computational denial-of-service attack on clients by sending a big iteration count value. In order to defend against that, a client implementation can pick a maximum iteration count that it is willing to use and reject any values that exceed that threshold (in such cases, the client, of course, has to fail the authentication).

Impact

During SCRAM authentication to a hostile server, the entire Ruby VM will be locked for the duration of the computation. Depending on hardware capabilities and OpenSSL version, this may take many minutes.

OpenSSL::KDF.pbkdf2_hmac is a blocking C function, so Timeout cannot be used to guard against this. And it retains the Global VM lock, so other ruby threads will also be unable to run.

Mitigation

  • Upgrade to a patched version of net-imap that adds the max_iterations option to the SASL-* authenticators, and call Net::IMAP#authenticate with a max_iterations keyword argument.

NOTE: The default max_iterations is 2³¹ - 1, the maximum signed 32 bit integer, the maximum allowed by OpenSSL. _To prevent a denial of service attack,_ this must be set to a safe value, depending on hardware and version of OpenSSL. _It is the user's responsibility_ to enforce minimum and maximum iteration counts that are appropriate for their security context.

  • Alternatively, avoid SCRAM-* mechanisms when authenticating to untrusted servers.

AnalysisAI

Denial of service in net-imap SCRAM-SHA1/SHA256 authentication allows a hostile IMAP server to freeze the entire Ruby VM by sending an arbitrarily large PBKDF2 iteration count, blocking all threads for several minutes due to the blocking nature of OpenSSL::KDF.pbkdf2_hmac and its retention of the Global VM Lock. Patched versions 0.4.24, 0.5.14, and 0.6.4 introduce a max_iterations parameter that users must explicitly configure to prevent exploitation.

Technical ContextAI

The vulnerability exists in the SCRAM (Salted Challenge Response Authentication Mechanism) authenticators implemented by net-imap for IMAP protocol authentication. When a server sends a SCRAM server-first-message containing a PBKDF2 iteration count during SASL authentication, the client calls OpenSSL::KDF.pbkdf2_hmac with that count. PBKDF2 (Password-Based Key Derivation Function 2) is a legitimate cryptographic function that derives a key from a password through iterative hashing. However, because OpenSSL implements the iteration count as a 32-bit signed integer and PBKDF2 computation is blocking C code that holds Ruby's Global VM Lock, a malicious server can specify an extremely high iteration count (up to 2³¹-1, over 2 billion iterations) causing the client Ruby process to perform expensive cryptographic work that locks the entire VM. This is acknowledged in RFC 7804 as a known security consideration for SCRAM implementations. The root cause is CWE-770 (Allocation of Resources Without Limits or Throttling), where the client accepts unbounded resource consumption parameters from an untrusted server without validation.

RemediationAI

Upgrade net-imap to patched version 0.4.24 (for 0.4.x), 0.5.14 (for 0.5.x), or 0.6.4 (for 0.6.x) available from https://github.com/ruby/net-imap/releases. Critically, after upgrading, applications must explicitly configure the max_iterations parameter when calling Net::IMAP#authenticate with SCRAM mechanisms. The default patched value (2³¹-1) does NOT prevent the attack; it is the user's responsibility to set max_iterations to a safe value appropriate for their hardware and OpenSSL version (RFC 7804 and OWASP guidance suggest 100,000-600,000 iterations for modern systems, though actual safe values depend on acceptable latency tolerance and processor speed). Example: Net::IMAP#authenticate(..., max_iterations: 100_000). As a workaround for unpatched systems, avoid using SCRAM-SHA1 or SCRAM-SHA256 mechanisms when connecting to untrusted or unverified IMAP servers; instead use other SASL mechanisms or enforce strict TLS certificate validation and server identity verification to reduce attack surface. Note: setting max_iterations too low may cause authentication to fail against legitimate servers with legitimate high iteration counts.

CVE-2014-0160 HIGH POC
7.5 Apr 07

The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packe

CVE-2014-0195 MEDIUM POC
6.8 Jun 05

The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0

CVE-2014-0224 HIGH POC
7.4 Jun 05

OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCiph

CVE-2016-0800 MEDIUM POC
5.9 Mar 01

The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to se

CVE-2015-0204 MEDIUM POC
4.3 Jan 09

The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k

CVE-2014-3566 LOW POC
3.4 Oct 15

The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which mak

CVE-2016-2107 MEDIUM POC
5.9 May 05

The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a

CVE-2015-1793 MEDIUM POC
6.5 Jul 09

The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, and 1.0.2c does not properly

CVE-2022-3602 HIGH
7.5 Nov 01

A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Rated hig

CVE-2014-3470 MEDIUM
4.3 Jun 05

The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before

CVE-2017-3730 HIGH POC
7.5 May 04

In OpenSSL 1.1.0 before 1.1.0d, if a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this

CVE-2016-8610 HIGH
7.5 Nov 13

A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL proto

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 16.0 Fixed
SUSE Linux Enterprise High Availability Extension 16.1 Fixed

Share

CVE-2026-42256 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy