Impact
The Net::IMAP library accepts raw string arguments in several IMAP commands and only validates them to prevent CRLF injection. If an attacker supplies a user‑controlled raw string, the next IMAP command may be interpreted as a continuation of the first command. This causes the original command to fail and hang until another command from a different thread is sent, which will in turn not return until the I/O connection is closed, resulting in a denial‑of‑service condition for the client application. The issue aligns with several weaknesses, including CWE‑162, CWE‑182, CWE‑186, and CWE‑88.
Affected Systems
The issue affects the Ruby Net::IMAP client. Versions prior to 0.6.5 for the 0.6 branch and prior to 0.5.15 for the 0.5 branch are vulnerable. Upgrading to 0.6.5 or 0.5.15 removes the flaw.
Risk and Exploitability
The vulnerability has a CVSS score of 2.1, indicating low severity, and the EPSS score indicates a very low exploitation probability (< 1%). It is not listed in CISA’s KEV catalog. The underlying issue is improper raw argument validation, classified as CWE‑162, CWE‑182, CWE‑186, and CWE‑88. The most likely attack vector is an application that forwards untrusted input directly to the Net::IMAP library; the attacker needs the ability to send crafted IMAP commands from a user‑controlled context. Because the exploit requires a specific client use case, the risk of widespread exploitation is limited, but it can cause a denial of service to the impacted application.
OpenCVE Enrichment
Github GHSA