CVE-2021-41817

Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 86%
Affected Products (NVD)
VendorProductVersion
ruby-langdate
𝑥
< 2.0.1
ruby-langdate
3.0.0 ≤
𝑥
< 3.0.2
ruby-langdate
3.1.0 ≤
𝑥
< 3.1.2
ruby-langdate
3.2.0
ruby-langruby
2.6.0 ≤
𝑥
< 2.6.9
ruby-langruby
2.7.0 ≤
𝑥
< 2.7.5
ruby-langruby
3.0.0 ≤
𝑥
< 3.0.3
redhatsoftware_collections
-
redhatenterprise_linux
7.0
redhatenterprise_linux
8.0
debiandebian_linux
9.0
debiandebian_linux
10.0
debiandebian_linux
11.0
suselinux_enterprise
12.0
suselinux_enterprise
15.0
opensusefactory
-
opensuseleap
15.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
ruby2.7
bullseye
2.7.4-1+deb11u1
fixed
bullseye (security)
2.7.4-1+deb11u2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
ruby2.3
trusty
ignored
xenial
Fixed 2.3.1-2~ubuntu16.04.16+esm2
released
ruby2.5
bionic
Fixed 2.5.1-1ubuntu1.11
released
trusty
ignored
xenial
ignored
ruby2.7
focal
Fixed 2.7.0-5ubuntu1.6
released
hirsute
Fixed 2.7.2-4ubuntu1.3
released
impish
Fixed 2.7.4-1ubuntu3.1
released
trusty
ignored
xenial
ignored
ruby3.0
jammy
Fixed 3.0.2-7ubuntu2
released
trusty
ignored
xenial
ignored
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
libruby2_5-2_5
suse enterprise desktop 15 SP3
2.5.9-150000.4.23.1
fixed
suse enterprise desktop 15 SP4
2.5.9-150000.4.23.1
fixed
suse enterprise desktop 15 SP5
2.5.9-150000.4.23.1
fixed
suse enterprise desktop 15 SP6
2.5.9-150000.4.29.1
fixed
suse enterprise desktop 15 SP7
2.5.9-150700.22.16
fixed
suse enterprise sap 15 SP1
2.5.9-150000.4.29.1
fixed
suse enterprise sap 15 SP2
2.5.9-150000.4.29.1
fixed
suse enterprise sap 15 SP3
2.5.9-150000.4.23.1
fixed
suse enterprise sap 15 SP4
2.5.9-150000.4.23.1
fixed
suse enterprise sap 15 SP5
2.5.9-150000.4.23.1
fixed
suse enterprise sap 15 SP6
2.5.9-150000.4.29.1
fixed
suse enterprise sap 15 SP7
2.5.9-150700.22.16
fixed
suse enterprise server 15
2.5.9-150000.4.23.1
fixed
suse enterprise server 15 SP1
2.5.9-150000.4.29.1
fixed
suse enterprise server 15 SP2
2.5.9-150000.4.29.1
fixed
suse enterprise server 15 SP3
2.5.9-150000.4.29.1
fixed
suse enterprise server 15 SP4
2.5.9-150000.4.29.1
fixed
suse enterprise server 15 SP5
2.5.9-150000.4.23.1
fixed
suse enterprise server 15 SP6
2.5.9-150000.4.29.1
fixed
suse enterprise server 15 SP7
2.5.9-150700.22.16
fixed
libruby3_4-3_4
suse enterprise desktop 15 SP7
3.4.1-150700.1.11
fixed
suse enterprise sap 15 SP7
3.4.1-150700.1.11
fixed
suse enterprise server 15 SP7
3.4.1-150700.1.11
fixed
Amazon Linux logo
Amazon Linux Releases
Amazon Package
Release
ruby
Amazon Linux 2
0:2.0.0.648-36.amzn2.0.6
fixed
ruby-debuginfo
Amazon Linux 2
0:2.0.0.648-36.amzn2.0.6
fixed
ruby-devel
Amazon Linux 2
0:2.0.0.648-36.amzn2.0.6
fixed
ruby-doc
Amazon Linux 2
0:2.0.0.648-36.amzn2.0.6
fixed
ruby-irb
Amazon Linux 2
0:2.0.0.648-36.amzn2.0.6
fixed
ruby-libs
Amazon Linux 2
0:2.0.0.648-36.amzn2.0.6
fixed
ruby-tcltk
Amazon Linux 2
0:2.0.0.648-36.amzn2.0.6
fixed
rubygem-bigdecimal
Amazon Linux 2
0:1.2.0-36.amzn2.0.6
fixed
rubygem-io-console
Amazon Linux 2
0:0.4.2-36.amzn2.0.6
fixed
rubygem-json
Amazon Linux 2
0:1.7.7-36.amzn2.0.6
fixed
rubygem-minitest
Amazon Linux 2
0:4.3.2-36.amzn2.0.6
fixed
rubygem-psych
Amazon Linux 2
0:2.0.0-36.amzn2.0.6
fixed
rubygem-rake
Amazon Linux 2
0:0.9.6-36.amzn2.0.6
fixed
rubygem-rdoc
Amazon Linux 2
0:4.0.0-36.amzn2.0.6
fixed
rubygems
Amazon Linux 2
0:2.0.14.1-36.amzn2.0.6
fixed
rubygems-devel
Amazon Linux 2
0:2.0.14.1-36.amzn2.0.6
fixed
Azure Linux logo
Azure Linux Releases
Azure Package
Release
ruby
CBL-Mariner 2.0
0:3.1.2-2.cm2
fixed