Add CVE-2025-24294: DoS in resolv gem

[hudakh]

Description:
Adds an advisory for a denial-of-service vulnerability in the resolv library bundled with Ruby.

Details:
A vulnerability exists in resolv where an attacker can craft a malicious DNS packet with a highly compressed domain name.
During parsing, the name-decompression can consume excessive CPU resources, leading to a thread or application becoming unresponsive (DoS).
Announcement

Affected versions:

• Ruby 3.2 series: resolv ≤ 0.2.2
• Ruby 3.3 series: resolv = 0.3.0
• Ruby 3.4 series: resolv ≤ 0.6.1

References:

• https://www.ruby-lang.org/en/news/2025/07/08/dos-resolv-cve-2025-24294/
• https://nvd.nist.gov/vuln/detail/CVE-2025-24294
• https://github.com/rubysec/ruby-advisory-db/blob/master/gems/resolv/CVE-2025-24294.yml

[hudakh]

@jasnow for your review

[postmodern]

This doesn't appear to be in the format of ruby-advisory-db's YAML schema. Please see the examples and YAML schema documentation.

[postmodern]

ruby-advisory-db omits the CVE- from the cve: field.

[postmodern]

Also will need to list the specific new ruby versions that were released, instead of the resolv gem versions.

[hudakh]

Thanks @postmodern. All addressed now, apologies for using the wrong schema.

[postmodern]

Linter failed because of the indentation on lines 20-24. Should be four spaces, not two.

[hudakh]

Linter failed because of the indentation on lines 20-24. Should be four spaces, not two.

Just saw that and pushed a fix.