CVE-2026-46727: CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') in ruby-lang Ruby
An issue was discovered in Ruby 4 before 4.0.5. A race condition leading to a use-after-free in the pthread-based getaddrinfo timeout handler (rb_getaddrinfo in ext/socket/raddrinfo.c) allows a remote attacker who can delay DNS responses near the user-specified timeout to crash a Ruby process that calls Addrinfo.getaddrinfo(..., timeout:) or Socket.tcp(..., resolv_timeout:). Memory-corruption-based exploitation is theoretically possible. The attack could, for example, be carried out through a crafted authoritative DNS server or recursive resolver.
AI Analysis
Technical Summary
Ruby versions prior to 4.0.5 (4.0.0 is named specifically) contain a race condition (CWE-362) in the pthread-based getaddrinfo timeout handler (rb_getaddrinfo in ext/socket/raddrinfo.c). The race can cause a use-after-free when a DNS response is delayed until close to the timeout that the caller passes to Addrinfo.getaddrinfo(..., timeout:) or Socket.tcp(..., resolv_timeout:). A remote attacker who can delay DNS responses, for example through a crafted authoritative DNS server or recursive resolver, can crash the Ruby process. Memory-corruption-based exploitation is theoretically possible, but no known exploits are documented. The CVSS 3.1 base score is 8.1 (high severity): network attack vector, high attack complexity, and high impact on confidentiality, integrity, and availability.
Potential Impact
The vulnerability can cause a denial of service by crashing Ruby processes that perform DNS resolution with timeouts. Theoretically, it could lead to memory corruption, which might allow further exploitation, but no such exploits are known. The vulnerability affects the confidentiality, integrity, and availability of Ruby applications that rely on the vulnerable DNS resolution functions.
Mitigation Recommendations
This entry records no official patch or remediation level from the vendor, and patch status is not yet confirmed, although the CVE description bounds the affected range at Ruby 4 before 4.0.5. Monitor the ruby-lang project advisories for current remediation guidance and apply official fixes once available. Until then, consider avoiding or limiting use of Addrinfo.getaddrinfo(..., timeout:) and Socket.tcp(..., resolv_timeout:) with untrusted DNS sources, or implement external DNS resolution safeguards.
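An audit helper for the mitigation above, added here as an example (not code from ruby-lang or from this advisory): it checks whether an interpreter version falls in the range the description gives and lists call sites that pass timeout: to Addrinfo.getaddrinfo or resolv_timeout: to Socket.tcp. The function names, the RISKY table and the sample source are assumptions constructed for illustration.

```ruby
require "rubygems"
require "ripper"

# Call => keyword pairs named in the advisory text.
RISKY = { %w[Addrinfo getaddrinfo] => "timeout:",
          %w[Socket tcp] => "resolv_timeout:" }.freeze

# Affected range as the CVE description states it: Ruby 4 before 4.0.5.
def affected_ruby?(version = RUBY_VERSION)
  v = Gem::Version.new(version)
  v.segments.first == 4 && v < Gem::Version.new("4.0.5")
end

# Returns [[line, "Const.method", keyword], ...] for calls that pass the
# timeout keyword. Works on lexer tokens, so comments and string literals
# never match. Heuristic: a label nested in an inner call also counts.
def timeout_call_sites(source)
  toks = Ripper.lex(source).reject { |t| t[1] == :on_sp }
  hits = []
  toks.each_with_index do |(pos, type, text), i|
    next unless type == :on_const && toks.dig(i + 1, 1) == :on_period
    meth = toks.dig(i + 2, 2)
    keyword = RISKY[[text, meth]] or next
    paren = toks.dig(i + 3, 1) == :on_lparen
    depth = 0
    toks.drop(i + 3).each do |(_, t, s)|
      depth += 1 if t == :on_lparen
      depth -= 1 if t == :on_rparen
      # Stop at the end of this call's argument list.
      break if depth.negative? || (depth.zero? && t == (paren ? :on_rparen : :on_nl))
      next unless t == :on_label && s == keyword
      hits << [pos[0], "#{text}.#{meth}", keyword]
      break
    end
  end
  hits
end

# Constructed sample source, not taken from any real project.
SAMPLE = <<~'RUBY'
  # Addrinfo.getaddrinfo("a.example", 80, timeout: 1)  (comment, ignored)
  Addrinfo.getaddrinfo("a.example", 80)
  Addrinfo.getaddrinfo("b.example", 443,
                       timeout: 2)
  Socket.tcp "c.example", 443, resolv_timeout: 3 do |s| s.close end
  Socket.tcp("d.example", 443, connect_timeout: 3)
RUBY

if __FILE__ == $PROGRAM_NAME
  puts "interpreter in affected range: #{affected_ruby?}"
  timeout_call_sites(SAMPLE).each { |l, c, k| puts "line #{l}: #{c} with #{k}" }
end
```

To audit a real tree, pass each file's contents (File.read) to timeout_call_sites; calls written as ::Socket.tcp or built dynamically are not covered.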
Technical Details
- Data Version: 5.2
- Assigner Short Name: mitre
- Date Reserved: 2026-05-16T00:00:00.000Z
- CVSS Version: 3.1
- State: PUBLISHED
- Remediation Level: null
Threat ID: 6a109994e1370fbb482dd163
Added to database: 5/22/2026, 5:59:48 PM
Last enriched: 5/22/2026, 6:14:46 PM
Last updated: 5/23/2026, 4:42:05 PM