CVE-2021-41817
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2021-41817
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-41817.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2021-41817
- Aliases
- Downstream
- Related
- Published
- 2022-01-01T05:15:08Z
- Modified
- 2025-10-08T04:53:49.219423Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1.
- References
-
- https://security.gentoo.org/glsa/202401-27
- https://www.ruby-lang.org/en/news/2021/11/15/date-parsing-method-regexp-dos-cve-2021-41817/
- https://hackerone.com/reports/1254844
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IUXQCH6FRKANCVZO2Q7D2SQX33FP3KWN/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UTOJGS5IEFDK3UOO7IY4OTTFGHGLSWZF/
Affected packages
Git / github.com/ruby/date
Affected ranges
- Type
- GIT
- Repo
- https://github.com/ruby/date
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
- Type
- GIT
- Repo
- https://github.com/ruby/ruby
- Events
Database specific
{
"vanir_signatures": [
{
"digest": {
"length": 349.0,
"function_hash": "73419902596401599923290588823819877510"
},
"id": "CVE-2021-41817-00851ec3",
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function",
"target": {
"function": "date_s_httpdate",
"file": "ext/date/date_core.c"
},
"source": "https://github.com/ruby/date/commit/4f9b8e946ba98f0a1774f8e677baa4a45637ebb3"
},
{
"digest": {
"length": 330.0,
"function_hash": "212711960199412273468303325882202964758"
},
"id": "CVE-2021-41817-0a8ccd88",
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function",
"target": {
"function": "date_s_iso8601",
"file": "ext/date/date_core.c"
},
"source": "https://github.com/ruby/date/commit/4f9b8e946ba98f0a1774f8e677baa4a45637ebb3"
},
{
"digest": {
"length": 425.0,
"function_hash": "61735624283033223905572007307413464931"
},
"id": "CVE-2021-41817-1ce04369",
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function",
"target": {
"function": "date_s_parse",
"file": "ext/date/date_core.c"
},
"source": "https://github.com/ruby/date/commit/4f9b8e946ba98f0a1774f8e677baa4a45637ebb3"
},
{
"digest": {
"length": 11877.0,
"function_hash": "30784073466340028530739077067385511330"
},
"id": "CVE-2021-41817-57623106",
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function",
"target": {
"function": "Init_date_core",
"file": "ext/date/date_core.c"
},
"source": "https://github.com/ruby/date/commit/4f9b8e946ba98f0a1774f8e677baa4a45637ebb3"
},
{
"digest": {
"length": 350.0,
"function_hash": "107507239166747057372229883088654738151"
},
"id": "CVE-2021-41817-6020e96d",
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function",
"target": {
"function": "date_s_rfc2822",
"file": "ext/date/date_core.c"
},
"source": "https://github.com/ruby/date/commit/4f9b8e946ba98f0a1774f8e677baa4a45637ebb3"
},
{
"digest": {
"length": 345.0,
"function_hash": "231046672181619559592437142964071672016"
},
"id": "CVE-2021-41817-71161590",
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function",
"target": {
"function": "date_s_rfc3339",
"file": "ext/date/date_core.c"
},
"source": "https://github.com/ruby/date/commit/4f9b8e946ba98f0a1774f8e677baa4a45637ebb3"
},
{
"digest": {
"length": 349.0,
"function_hash": "73419902596401599923290588823819877510"
},
"id": "CVE-2021-41817-784127a3",
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function",
"target": {
"function": "datetime_s_httpdate",
"file": "ext/date/date_core.c"
},
"source": "https://github.com/ruby/date/commit/4f9b8e946ba98f0a1774f8e677baa4a45637ebb3"
},
{
"digest": {
"length": 350.0,
"function_hash": "107507239166747057372229883088654738151"
},
"id": "CVE-2021-41817-a238ee62",
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function",
"target": {
"function": "datetime_s_rfc2822",
"file": "ext/date/date_core.c"
},
"source": "https://github.com/ruby/date/commit/4f9b8e946ba98f0a1774f8e677baa4a45637ebb3"
},
{
"digest": {
"length": 345.0,
"function_hash": "231046672181619559592437142964071672016"
},
"id": "CVE-2021-41817-b10da5e4",
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function",
"target": {
"function": "datetime_s_xmlschema",
"file": "ext/date/date_core.c"
},
"source": "https://github.com/ruby/date/commit/4f9b8e946ba98f0a1774f8e677baa4a45637ebb3"
},
{
"digest": {
"length": 440.0,
"function_hash": "3814279978779698176701527429341357514"
},
"id": "CVE-2021-41817-bc8c6958",
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function",
"target": {
"function": "datetime_s_parse",
"file": "ext/date/date_core.c"
},
"source": "https://github.com/ruby/date/commit/4f9b8e946ba98f0a1774f8e677baa4a45637ebb3"
},
{
"digest": {
"length": 330.0,
"function_hash": "212711960199412273468303325882202964758"
},
"id": "CVE-2021-41817-bcaea3ba",
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function",
"target": {
"function": "date_s_jisx0301",
"file": "ext/date/date_core.c"
},
"source": "https://github.com/ruby/date/commit/4f9b8e946ba98f0a1774f8e677baa4a45637ebb3"
},
{
"digest": {
"length": 345.0,
"function_hash": "231046672181619559592437142964071672016"
},
"id": "CVE-2021-41817-c0c48b0d",
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function",
"target": {
"function": "datetime_s_jisx0301",
"file": "ext/date/date_core.c"
},
"source": "https://github.com/ruby/date/commit/4f9b8e946ba98f0a1774f8e677baa4a45637ebb3"
},
{
"digest": {
"length": 490.0,
"function_hash": "171986435820199320283229405259323146089"
},
"id": "CVE-2021-41817-c71061fd",
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function",
"target": {
"function": "date_s__parse_internal",
"file": "ext/date/date_core.c"
},
"source": "https://github.com/ruby/date/commit/4f9b8e946ba98f0a1774f8e677baa4a45637ebb3"
},
{
"digest": {
"length": 345.0,
"function_hash": "231046672181619559592437142964071672016"
},
"id": "CVE-2021-41817-d26edbb7",
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function",
"target": {
"function": "datetime_s_rfc3339",
"file": "ext/date/date_core.c"
},
"source": "https://github.com/ruby/date/commit/4f9b8e946ba98f0a1774f8e677baa4a45637ebb3"
},
{
"digest": {
"length": 330.0,
"function_hash": "212711960199412273468303325882202964758"
},
"id": "CVE-2021-41817-e1a2b1b8",
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function",
"target": {
"function": "date_s_xmlschema",
"file": "ext/date/date_core.c"
},
"source": "https://github.com/ruby/date/commit/4f9b8e946ba98f0a1774f8e677baa4a45637ebb3"
},
{
"digest": {
"length": 345.0,
"function_hash": "231046672181619559592437142964071672016"
},
"id": "CVE-2021-41817-f131b13d",
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function",
"target": {
"function": "datetime_s_iso8601",
"file": "ext/date/date_core.c"
},
"source": "https://github.com/ruby/date/commit/4f9b8e946ba98f0a1774f8e677baa4a45637ebb3"
},
{
"digest": {
"line_hashes": [
"45846544351628558653778062774354443241",
"192276149175941592963399362193900966978",
"39382282141823749980135020424995417826",
"637853729818463414017032140826134485",
"89046394033416816734563841831670197455",
"336164139478444247242731097512012173036",
"4212513995976116191812518215636595596",
"176425729528857015092149274726582679100",
"3943957694757990552142365768508759202",
"185737145906889669362091954669414557586",
"201848608949272681589716547622004095608",
"176033701524612967363839240200067029923",
"157557699180548131840864260714790891276",
"195880175486372610543264462101067455671",
"3210198068369163244866072400177023792",
"175663526074889484191555041813482579260",
"7296811751888542912693687015351762437",
"222546746064636995713113568957260180293",
"328606212940525676787863826270546536186",
"25187151489468839087849818296677349918",
"332059213561587455237479907331775764112",
"70643957447149064639376623772823205287",
"53737415811979424228500525992772975251",
"305007379352771040524271524601656438689",
"326446123968783603789282351036918565225",
"42373032521701776474443222002365101055",
"2324901467685966330524664676943359692",
"337592186121797734414776883160930900794",
"280415721936971981540160721864895104712",
"158087526011158431238408557819414645514",
"138471789308586546142005733203001653729",
"47838415311514544569074478179673833007",
"269801877006695187259582392938847595877",
"329447200384648745238929041371651619134",
"91544080829925300843857274853534427967",
"250750193830125459069265155357290720876",
"150271084928037690306697710816705402598",
"239775906051728036658693536168572586995",
"248313580812220045922403905193531357711",
"41828886517469439119238536008099656858",
"303229430875609868634793602341714913643",
"332334974491871849751466908336059329314",
"299267807551893294106107475823962005840",
"276101375538585573689504291613255847085",
"61524545535732584101901494103481813163",
"69147418875631794648558162854319139737",
"48800485793191966666997805751838349308",
"142883187517566080257779755150971792506",
"121725065747734257224091403088935862657",
"167967252216698548804121943879087629779",
"70671116062281729149207561158119236444",
"177243970699692707637735903676343968289",
"115739685698929668117226053035722761692",
"150271084928037690306697710816705402598",
"239775906051728036658693536168572586995",
"87434416034881750407366628421716522207",
"98419213588511608600047351078523820481",
"161355248999652610969207450816858422400",
"152883813786161921112702931193440994865",
"103131387958418643521301910307702580073",
"276101375538585573689504291613255847085",
"193362463785884331440150789824917593324",
"52359842715188047438677799068802776983",
"76893129462181516047015234371629461344",
"257171963054495344750295192288773200402",
"247108782730505577143840730722265861960",
"61941072899556557797601471596915443207",
"308453770347449729304356847895739388638",
"235684924183020055650719921660199581012",
"153571240164964647587810150966720134848",
"150271084928037690306697710816705402598",
"239775906051728036658693536168572586995",
"248313580812220045922403905193531357711",
"120759960783069902066663516823130125105",
"140280726517568026319305122509017852864",
"314848186124230790748893609398340473718",
"249098396202954792432332965278072000156",
"276101375538585573689504291613255847085",
"26320038995800143044268504083340460708",
"319011189204386404654136298596025299817",
"269722324312246556385577737518610460856",
"75007743059529326280586447507230929418",
"266099346270375684349237857767611119053",
"57160431310993137738326317429510342430",
"317008503793389891453251537672683817684",
"259709102939505289248959084748118566645",
"332041329177280774846661668596276756951",
"150271084928037690306697710816705402598",
"239775906051728036658693536168572586995",
"216417710620522506925855427024682959603",
"80485925147210391331343534813862882420",
"118929098959012467915284201477500675548",
"301875011049767517218403481931860810687",
"67288790948717425878238071532425952815",
"276101375538585573689504291613255847085",
"115516680747253644067162621432499188490",
"256698563627553318480771775629819597481",
"123447961294781175668460673041734627021",
"91049412015499050515943789120176384850",
"156606450769028235463747905339622180791",
"150489518107945111421113243174290798038",
"125363903179615011938356929854446467750",
"210036224833107885842637915551352966550",
"211137124773307027526015739754059443521",
"150271084928037690306697710816705402598",
"239775906051728036658693536168572586995",
"142399385600375171595899195526956641958",
"313912249906763119413755313835515321855",
"88782532235683390180962668872090955757",
"241698631630659924712136340574531823337",
"52391490102993648752526756552198470136",
"276101375538585573689504291613255847085",
"290568679864254916192327700548542348259",
"242076403014830964070515171803363052044",
"40587397682200570384394451108821032120",
"147446500222970266133210689198342724903",
"170793887736230330339703971297269754466",
"333512520075670795548081288967026951841",
"182209439811020943289884817132710244835",
"233643651608953324959027745522498330364",
"66558669351444237812427384383579030751",
"150271084928037690306697710816705402598",
"239775906051728036658693536168572586995",
"248313580812220045922403905193531357711",
"243303434290657144217634059087274713885",
"90147488957185740376839904935051580224",
"185038178001949073102631842945308630599",
"82880430119153953117095937855131408055",
"204872859335877029061059258904547302694",
"62348967231672224570452141677278937234",
"261361998846888077922979026917692901910",
"151656363195975996286049450245516581271",
"116952699412229104524460900208723645612",
"7296811751888542912693687015351762437",
"222546746064636995713113568957260180293",
"259462267755661942704316495838006941935",
"25187151489468839087849818296677349918",
"332059213561587455237479907331775764112",
"70643957447149064639376623772823205287",
"53737415811979424228500525992772975251",
"24891318223654309161268102662772386524",
"190402589227482569681359045941008774013",
"107620888700823877430891253965331769728",
"204872859335877029061059258904547302694",
"28783530115683254128022154589161710162",
"17665415577336045098418307335839359801",
"183488249471306249048309452859330205193",
"39530256187882612195148483964764612628",
"150271084928037690306697710816705402598",
"239775906051728036658693536168572586995",
"87434416034881750407366628421716522207",
"41828886517469439119238536008099656858",
"128958134240120193127402023736535147048",
"66408788585366562058052574815109183546",
"242364995340074482817740378303980473138",
"204872859335877029061059258904547302694",
"260780786999544046032660559160490510048",
"184885715787904970699977136703749468583",
"30826362299408575753675460482027800103",
"178110938942313725751744625982079018679",
"150271084928037690306697710816705402598",
"239775906051728036658693536168572586995",
"87434416034881750407366628421716522207",
"98419213588511608600047351078523820481",
"331854801313292545600923024901606863554",
"104113174662003383568357838617427196578",
"99232354344338598907401272948256880296",
"204872859335877029061059258904547302694",
"223118256589596832167793050982272584517",
"47100201770960017963064693824298716230",
"31493974255056291728897199612480705734",
"303839467698555433794105810649922713258",
"150271084928037690306697710816705402598",
"239775906051728036658693536168572586995",
"87434416034881750407366628421716522207",
"120759960783069902066663516823130125105",
"10727596004933982503131615392740391852",
"61990872535608241436476528667159047722",
"194829310274283899841037064765819903581",
"204872859335877029061059258904547302694",
"200968056069506950470869522317167516303",
"19017440639560600554571575304645485862",
"300932734034502364917611750583242008109",
"168735388422809636099587389826469927575",
"150271084928037690306697710816705402598",
"239775906051728036658693536168572586995",
"216417710620522506925855427024682959603",
"80485925147210391331343534813862882420",
"307964352004072813888697452095769584858",
"131253212190234453470916247426814344423",
"46854758801296416382424573610398066801",
"204872859335877029061059258904547302694",
"137483296056514000324077507993449284319",
"254288118111931536126465445778272017048",
"299839557539342552510148015659580834064",
"53905507025283407416055313543775477786",
"150271084928037690306697710816705402598",
"239775906051728036658693536168572586995",
"142399385600375171595899195526956641958",
"313912249906763119413755313835515321855",
"167079473700643760248255990436601891946",
"215790373947909831373732258792634688289",
"87877131715459670629437928799117438686",
"204872859335877029061059258904547302694",
"5121306518546915694375011501986652548",
"132276451619784774833942158975644949098",
"102316446176289702679987405504085986566",
"55679730107791047980073425376419883926",
"150271084928037690306697710816705402598",
"239775906051728036658693536168572586995",
"87434416034881750407366628421716522207",
"243303434290657144217634059087274713885",
"284423362213584734416814264109529668237",
"278825906597952531097437736281219155000",
"3744518760214544371770993484948778840",
"270327365707805210652398117132385200187",
"324890136582234285108763577459648488657",
"39206393731617304362007218985512964111",
"80385418259202623607195431065638382344",
"143952158636998604629385207026801115839",
"184265841772705245532613241157171194400",
"180395085682123564476574236267058048039",
"110190358464962549126219630359733296117",
"114913397228106974590392520661275515204",
"281056175563910731931504668448666340165",
"241279343743021949331737376811425684528",
"160765710724364387285346789013359676419",
"259681810658806660071089970089398756302",
"37532952389793455744206591479278866541",
"195010053139285565853636086338340576158",
"3696423597471496405385543196399537056"
],
"threshold": 0.9
},
"id": "CVE-2021-41817-fdacb88c",
"signature_version": "v1",
"deprecated": false,
"signature_type": "Line",
"target": {
"file": "ext/date/date_core.c"
},
"source": "https://github.com/ruby/date/commit/4f9b8e946ba98f0a1774f8e677baa4a45637ebb3"
}
]
}