CVE-2025-24294 – Apache Resolv DNS Denial of Service Vulnerability

CVE ID : CVE-2025-24294

Published : July 12, 2025, 4:15 a.m. | 2 hours, 1 minute ago

Description : The attack vector is a potential Denial of Service (DoS). The vulnerability is caused by an insufficient check on the length of a decompressed domain name within a DNS packet.

An attacker can craft a malicious DNS packet containing a highly compressed domain name. When the resolv library parses such a packet, the name decompression process consumes a large amount of CPU resources, as the library does not limit the resulting length of the name.

This resource consumption can cause the application thread to become unresponsive, resulting in a Denial of Service condition.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…