Ruby · Bindata · CVE-2021-32823
**Name of the Vulnerable Software and Affected Versions**
bindata RubyGem versions prior to 2.4.10
**Description**
The issue is a denial-of-service vulnerability in the bindata RubyGem. In affected versions, creating certain BinData classes, such as `BinData::Bit100000`, `BinData::Bit100001`, `BinData::Bit100002`, and more generally `BinData::Bit<N>`, is very slow. When the class name is derived from `<user input>.constantize`, this allows a CPU-based denial-of-service attack. This vulnerability can be exploited by a remote attacker to cause a denial of service.
**Recommendations**
For bindata RubyGem versions prior to 2.4.10, update to version 2.4.10 or later, which improves the creation time of Bits and Integers and addresses the denial-of-service vulnerability. As a temporary workaround, restrict the use of the vulnerable classes, such as `BinData::Bit<N>`, to minimize the risk of exploitation. Additionally, avoid calling `<user input>.constantize` to resolve these classes until the gem is updated.
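As an added defensive example (not code from the bindata project or from this advisory), the following Ruby helper shows how to map a user-supplied type name to a BinData type through an allowlist and a bounded bit width instead of `<user input>.constantize`, so that names like `Bit100000` are rejected before any class is created. The method names, the allowlist contents and the 64-bit limit are assumptions chosen for the example.

```ruby
# Hypothetical helper: validate a user-supplied BinData type name without
# ever passing raw input to String#constantize or Object.const_get.

# Constructed allowlist of fixed-size types an application might accept.
ALLOWED_TYPES = %w[
  Uint8 Uint16le Uint16be Uint32le Uint32be Uint64le Uint64be
  Int8 Int16le Int16be Int32le Int32be String Stringz
].freeze

# Assumed upper bound: Bit<N> widths above this are refused outright.
MAX_BIT_WIDTH = 64

class UnsafeTypeName < StandardError; end

# Returns the validated type name, or raises UnsafeTypeName.
def safe_bindata_type_name(input)
  name = input.to_s.strip
  return name if ALLOWED_TYPES.include?(name)

  # Bit<N>, Bit<N>le, Sbit<N>, Sbit<N>le: only accept small, explicit widths.
  # The regex caps N at three digits, and the range check caps it again, so
  # very large widths (the slow-to-create classes) never reach BinData.
  if (m = name.match(/\A(?:Bit|Sbit)(\d{1,3})(le)?\z/))
    width = m[1].to_i
    return name if width.between?(1, MAX_BIT_WIDTH)
  end

  raise UnsafeTypeName, "rejected BinData type name: #{name.inspect}"
end

# Resolves the validated name to a class. Assumes the bindata gem is installed;
# only names that passed validation are looked up under the BinData namespace.
def resolve_bindata_type(input)
  require 'bindata'
  BinData.const_get(safe_bindata_type_name(input))
end
```

Validation happens before any lookup, so a request for `Bit100000` fails fast with `UnsafeTypeName` instead of spending CPU on class creation.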