ALPINE-CVE-2025-27219

ALPINE-CVE-2025-27219 PUBLISHED CVSS 7.5 HIGH

In the CGI gem before 0.4.2 for Ruby, the CGI::Cookie.parse method in the CGI library contains a potential Denial of Service (DoS) vulnerability. The method does not impose any limit on the length of the raw cookie value it processes. This oversight can lead to excessive resource consumption when parsing extremely large cookies.

Risk Scores

CVSS v3.1

7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products

Vendor	Product	Versions
Alpine:v3.21	ruby	3.3.3-r2, 0, 3.3.3-r1
Alpine:v3.19	ruby	2.7.1-r2, 2.0.0, 2.0.0
Alpine:v3.20	ruby	0, 0, 3.3.3-r1
Alpine:v3.19	ruby-net-imap	0.2.3-r0, 0, 0.3.4.1-r0
Alpine:v3.21	ruby-net-imap	0.4.16-r0, 0.4.8-r0, 0
Alpine:v3.20	ruby-net-imap	0.4.10-r0, 0.3.4-r0, 0.2.3-r0

Timeline

Mar 4, 2025 CVE Published
Nov 19, 2025 CVE Updated
Apr 30, 2026 Distribution Patch

References

https://security.alpinelinux.org/vuln/CVE-2025-27219 advisory

Open in Interactive Console →