CVE-2021-41816
Published 2022-02-06
Priority: P3 · 51 · Critical 9.8 (CVSS 3.1)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 4.77% (90.8th percentile)
CGI.escape_html in Ruby before 2.7.5 and 3.x before 3.0.3 has an integer overflow and resultant buffer overflow via a long string on platforms (such as Windows) where size_t and long have different numbers of bytes. This also affects the CGI gem before 0.3.1 for Ruby.
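The arithmetic behind the bug, as an added example in C (this is a model of the bug class, not Ruby's escape.c): each input byte can expand to at most six output bytes (`"` becomes `&quot;`), so a worst-case buffer size is input length times six. On LLP64 Windows, `long` is 32 bits while `size_t` is 64 bits, so that product computed in `long` wraps modulo 2^32 once the input exceeds 2^32 / 6, roughly 715 MB by my arithmetic, which matches the advisory's "> 700 MB" figure; between about 358 MB and 715 MB the product is negative, which becomes a huge `size_t` request that the allocator rejects rather than an overrun. The block models the vulnerable sizing, the hardened `size_t` computation with an overflow check, and a bounded escape routine using CGI.escape_html's replacement table; the function names and the sample input are mine.

```c
/*
 * Added example: a model of the CVE-2021-41816 size arithmetic, not Ruby's
 * source. CGI.escape_html needs at most 6 output bytes per input byte
 * ('"' becomes "&quot;"). On LLP64 Windows, long is 32 bits while size_t is
 * 64 bits, so a worst-case size computed in long wraps modulo 2^32 for
 * inputs above 2^32 / 6 bytes (about 715 MB), and the allocator is handed a
 * buffer far too small for the escaped output.
 */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define HTML_ESCAPE_MAX_LEN 6   /* strlen("&quot;") */

/* Simulates Windows' 32-bit signed long: the product wraps modulo 2^32
 * (done in uint32_t so the wrap is well defined), then is read as int32_t.
 * Returns the size the allocator would receive, or 0 when the wrapped value
 * is negative (a negative long widened to size_t is a huge request that the
 * allocator rejects, so that range fails loudly instead of overflowing). */
uint64_t vuln_buffer_size(uint64_t input_len)
{
    uint32_t wrapped = (uint32_t)input_len * (uint32_t)HTML_ESCAPE_MAX_LEN;
    int32_t as_long = (int32_t)wrapped;
    if (as_long < 0)
        return 0;
    return (uint64_t)as_long;
}

/* Hardened form: compute in size_t and reject overflow up front.
 * Returns 0 when input_len * HTML_ESCAPE_MAX_LEN would not fit. */
size_t safe_buffer_size(size_t input_len)
{
    if (input_len > SIZE_MAX / HTML_ESCAPE_MAX_LEN)
        return 0;
    return input_len * HTML_ESCAPE_MAX_LEN;
}

/* 1 if a buffer sized by vuln_buffer_size() is smaller than the true
 * worst case for this input length (the overrun case), else 0. */
int vuln_sizing_overflows(uint64_t input_len)
{
    uint64_t got = vuln_buffer_size(input_len);
    uint64_t need = input_len * HTML_ESCAPE_MAX_LEN;
    return got != 0 && got < need;
}

/* Minimal escape with CGI.escape_html's replacement table. Returns bytes
 * written, or (size_t)-1 if out_cap is too small: the bound that a wrongly
 * sized buffer needs and that the integer overflow bypassed. */
size_t escape_html(const char *in, size_t in_len, char *out, size_t out_cap)
{
    size_t w = 0;
    for (size_t i = 0; i < in_len; i++) {
        const char *rep;
        size_t rl;
        switch (in[i]) {
        case '"':  rep = "&quot;"; rl = 6; break;
        case '&':  rep = "&amp;";  rl = 5; break;
        case '\'': rep = "&#39;";  rl = 5; break;
        case '<':  rep = "&lt;";   rl = 4; break;
        case '>':  rep = "&gt;";   rl = 4; break;
        default:   rep = &in[i];   rl = 1; break;
        }
        if (out_cap - w < rl)
            return (size_t)-1;
        memcpy(out + w, rep, rl);
        w += rl;
    }
    return w;
}

static const char SAMPLE[] = "<a href=\"x\">";   /* constructed sample input */

/* Escapes SAMPLE into a buffer of the given capacity (at most 64 bytes);
 * returns the escaped length or (size_t)-1 if it did not fit. */
size_t escape_sample(size_t out_cap)
{
    char out[64];
    if (out_cap > sizeof out) out_cap = sizeof out;
    return escape_html(SAMPLE, sizeof SAMPLE - 1, out, out_cap);
}

/* 1 if escaping SAMPLE yields exactly "&lt;a href=&quot;x&quot;&gt;". */
int escape_sample_matches(void)
{
    char out[64];
    size_t n = escape_html(SAMPLE, sizeof SAMPLE - 1, out, sizeof out);
    return n == 28 && memcmp(out, "&lt;a href=&quot;x&quot;&gt;", 28) == 0;
}

int main(void)
{
    uint64_t lens[] = { 100, 400000000ULL, 800000000ULL };
    for (size_t i = 0; i < 3; i++)
        printf("len=%llu  32-bit-long size=%llu  overruns=%d\n",
               (unsigned long long)lens[i],
               (unsigned long long)vuln_buffer_size(lens[i]),
               vuln_sizing_overflows(lens[i]));
    printf("safe size for 800000000: %zu (0 = rejected)\n",
           safe_buffer_size(800000000ULL));
    return 0;
}
```

Running it shows the three regimes: 100 bytes sizes correctly, 400,000,000 bytes wraps negative and would be rejected by the allocator, and 800,000,000 bytes wraps to 505,032,704, a buffer roughly a tenth of the 4.8 GB the escaped output can need. The same check belongs in any C extension that multiplies a `long` string length by a constant before allocating.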
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | ruby2.7 | < 2.7.4-1+deb11u1 (bullseye) | 2.7.4-1+deb11u1 (bullseye) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| ruby-lang | cgi | < 0.3.1 | 0.3.1 |
| ruby-lang | cgi | <= 0.2.0 | — |
| ruby-lang | cgi | <= 0.1.0 | — |
| ruby-lang | cgi | >= 0 < 0.1.0.1 | 0.1.0.1 |
| ruby-lang | cgi | >= 0.2.0 < 0.2.1 | 0.2.1 |
| ruby-lang | cgi | >= 0.3.0 < 0.3.1 | 0.3.1 |
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| osv | — | 9.8 | CRITICAL | — |
| vendor_debian | — | 9.8 | CRITICAL | — |
| vendor_redhat | — | 9.8 | CRITICAL | — |
| vendor_ubuntu | — | 9.8 | CRITICAL | — |
OSV
CVE-2021-41816: CGI
osv · 2022-02-06 · CVSS 9.8 · CRITICAL
CGI.escape_html in Ruby before 2.7.5 and 3.x before 3.0.3 has an integer overflow and resultant buffer overflow via a long string on platforms (such as Windows) where size_t and long have different numbers of bytes. This also affects the CGI gem before 0.3.1 for Ruby.
OSV
ruby2.3, ruby2.5, ruby2.7 vulnerabilities
osv · 2022-01-18 · CVSS 9.8 · CRITICAL
It was discovered that Ruby incorrectly handled certain HTML files. An attacker could possibly use this issue to cause a crash. This issue only affected Ubuntu 20.04 LTS, Ubuntu 21.04, and Ubuntu 21.10. (CVE-2021-41816)
It was discovered that Ruby incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause a regular expression denial of service. (CVE-2021-41817)
It was discovered that Ruby incorrectly handled certain cookie names. An attacker could possibly use this issue to access or expose sensitive information. (CVE-2021-41819)
OSV
Buffer overrun in CGI.escape_html
osv · 2021-12-14 · CRITICAL
A buffer overrun vulnerability was discovered in CGI.escape_html. This can lead to a buffer overflow when a user passes a very large string (> 700 MB) to CGI.escape_html on a platform where long type takes 4 bytes, typically, Windows.
GHSA
Buffer overrun in CGI.escape_html
ghsa · 2021-12-14 · CRITICAL · CWE-190
A buffer overrun vulnerability was discovered in CGI.escape_html. This can lead to a buffer overflow when a user passes a very large string (> 700 MB) to CGI.escape_html on a platform where long type takes 4 bytes, typically, Windows.
Ubuntu
Ruby vulnerabilities
vendor_ubuntu · 2022-01-18 · CVSS 9.8 · CRITICAL
Summary: Several security issues were fixed in Ruby.
It was discovered that Ruby incorrectly handled certain HTML files. An attacker could possibly use this issue to cause a crash. This issue only affected Ubuntu 20.04 LTS, Ubuntu 21.04, and Ubuntu 21.10. (CVE-2021-41816)
It was discovered that Ruby incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause a regular expression denial of service. (CVE-2021-41817)
It was discovered that Ruby incorrectly handled certain cookie names. An attacker could possibly use this issue to access or expose sensitive information. (CVE-2021-41819)
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
ruby: buffer overflow in CGI.escape_html
vendor_redhat · 2021-11-24 · CVSS 9.8 · CRITICAL · CWE-119
CGI.escape_html in Ruby before 2.7.5 and 3.x before 3.0.3 has an integer overflow and resultant buffer overflow via a long string on platforms (such as Windows) where size_t and long have different numbers of bytes. This also affects the CGI gem before 0.3.1 for Ruby.
A flaw was found in Ruby. This issue occurs due to improper bounds checking by a buffer overrun in CGI.escape_html. By sending an overly long string using the size_t parameter, a remote attacker could overflow a buffer and execute arbitrary code on the system.
Package: ruby (Red Hat Enterprise Linux 6) - Not affected
Package: ruby (Red Hat Enterprise Linux 7) - Not affected
Package: ruby:2.5/ruby (Red Hat Enterprise Linux 8) - Not affected
Package: ruby:2.6/ruby (Red Hat Ente
Debian
CVE-2021-41816: ruby2.7 - CGI.escape_html in Ruby before 2.7.5 and 3.x before 3.0.3 has an integer overflo...
vendor_debian · 2021 · CVSS 9.8 · CRITICAL
CGI.escape_html in Ruby before 2.7.5 and 3.x before 3.0.3 has an integer overflow and resultant buffer overflow via a long string on platforms (such as Windows) where size_t and long have different numbers of bytes. This also affects the CGI gem before 0.3.1 for Ruby.
Scope: local
bullseye: resolved (fixed in 2.7.4-1+deb11u1)
No detection rules found.
No public exploits indexed.
References
https://hackerone.com/reports/1328463
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IUXQCH6FRKANCVZO2Q7D2SQX33FP3KWN/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UTOJGS5IEFDK3UOO7IY4OTTFGHGLSWZF/
https://security-tracker.debian.org/tracker/CVE-2021-41816
https://security.gentoo.org/glsa/202401-27
https://security.netapp.com/advisory/ntap-20220303-0006/
https://www.ruby-lang.org/en/news/2021/11/24/buffer-overrun-in-cgi-escape_html-cve-2021-41816/