Vulnerability	Vulnerable Version
H Memory Allocation with Excessive Size Value org.jruby:jruby-stdlib is a JRuby Lib Setup package. Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value in the `ResponseReader` class. An attacker can cause the application to allocate excessive memory and trigger a denial of service by including "literal" strings in responses sent to client-initiated connections and IMAP commands. After implementing the fix, the default `max_response_size` is still high (512MiB) to accommodate backward compatibility. It is recommended to set a lower `max_response_size` if connecting to untrusted servers or using insecure connections. How to fix Memory Allocation with Excessive Size Value? A fix was pushed into the `master` branch but not yet published.	[,9.4.13.0)[10.0.0.0,)

Memory Allocation with Excessive Size Value

org.jruby:jruby-stdlib is a JRuby Lib Setup package.

Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value in the ResponseReader class. An attacker can cause the application to allocate excessive memory and trigger a denial of service by including "literal" strings in responses sent to client-initiated connections and IMAP commands.

After implementing the fix, the default max_response_size is still high (512MiB) to accommodate backward compatibility. It is recommended to set a lower max_response_size if connecting to untrusted servers or using insecure connections.

How to fix Memory Allocation with Excessive Size Value?

A fix was pushed into the master branch but not yet published.

[,9.4.13.0)[10.0.0.0,)

Go back to all versions of this package