[FREEBSD:6916EA94-4628-11EC-BBE2-0800270512F4] rubygem-date -- Regular Expression Denial of Service Vunlerability of Date Parsing Methods

Severity High

Affected Packages 5

CVEs 1

Stanislav Valkanov reports:

    Date's parsing methods including Date.parse
    are using Regexps internally, some of which are vulnerable
    against regular expression denial of service. Applications
    and libraries that apply such methods to untrusted input
    may be affected.

Package	Affected Version
pkg:freebsd/rubygem-date	< 3.2.1
pkg:freebsd/ruby30	< 3.0.3,1
pkg:freebsd/ruby27	< 2.7.5,1
pkg:freebsd/ruby26	< 2.6.9,1
pkg:freebsd/ruby	< 2.6.9,1

ID

FREEBSD:6916EA94-4628-11EC-BBE2-0800270512F4

Severity

high

Severity from

CVE-2021-41817

URL

http://vuxml.freebsd.org/freebsd/6916ea94-4628-11ec-bbe2-0800270512f4.html

Published

2021-11-15T00:00:00
(2 years ago)

Modified

2021-11-15T00:00:00
(2 years ago)

Rights

FreeBSD VuXML Security Team

Other Advisories

Source	# ID	Name	URL
FreeBSD VuXML			https://www.ruby-lang.org/en/news/2021/11/15/date-parsing-method-regexp-dos-cve-2021-41817/

Type	Package URL	Name / Product	Version
Affected	pkg:freebsd/rubygem-date	rubygem-date	< 3.2.1
Affected	pkg:freebsd/ruby30	ruby30	< 3.0.3,1
Affected	pkg:freebsd/ruby27	ruby27	< 2.7.5,1
Affected	pkg:freebsd/ruby26	ruby26	< 2.6.9,1
Affected	pkg:freebsd/ruby	ruby	< 2.6.9,1

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date