Fluid Attacks Database

Description

A vulnerability was found in Ruby. The Ruby interpreter is vulnerable to the Marvin Attack. This attack allows the attacker to decrypt previously encrypted messages or forge signatures by exchanging a large number of messages with the vulnerable service.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version
debian 11	ruby2.7	=2.7.4-1 \|\| =2.7.4-1+deb11u1 \|\| =2.7.4-1+deb11u2 \|\| =2.7.4-1+deb11u3 \|\| =2.7.4-1+deb11u4 \|\| =2.7.4-1+deb11u5 \|\| =2.7.5-1
debian 12	ruby3.1	=3.1.2-7 \|\| =3.1.2-7+deb12u1 \|\| =3.1.2-7+hurd.1 \|\| =3.1.2-8 \|\| =3.1.2-8.1~exp1 \|\| =3.1.2-8.3 \|\| =3.1.2-8.4 \|\| =3.1.2-8.5
rpm rhel8	ruby	-
rpm rhel6	ruby	-
rpm rhel7	ruby	-

Aliases

1. CVE-2025-03062. NVD-2025-03063. OSV-DEBIAN-2025-03064. OSV-2025-03065. SECURITY-TRACKER-CVE-2025-0306

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.