CVE-2021-41816
ruby: buffer overflow in CGI.escape_html
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
CGI.escape_html in Ruby before 2.7.5 and 3.x before 3.0.3 has an integer overflow and resultant buffer overflow via a long string on platforms (such as Windows) where size_t and long have different numbers of bytes. This also affects the CGI gem before 0.3.1 for Ruby.
El archivo CGI.escape_html en Ruby versiones anteriores a 2.7.5 y 3.x versiones anteriores a 3.0.3, presenta un desbordamiento de enteros y un desbordamiento de búfer resultante por medio de una cadena larga en plataformas (como Windows) donde size_t y long tienen diferentes números de bytes. Esto también afecta a CGI gem versiones anteriores a 0.3.1 para Ruby
A flaw was found in the ruby. This issue occurs due to improper bounds checking by a buffer overrun in CGI.escape_html. By sending an overly long string using the size_t parameter, a remote attacker could overflow a buffer and execute arbitrary code on the system.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-09-29 CVE Reserved
- 2022-01-19 CVE Published
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- 2024-09-12 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
- CWE-190: Integer Overflow or Wraparound
CAPEC
References (8)
| URL | Tag | Source |
|---|---|---|
| https://security-tracker.debian.org/tracker/CVE-2021-41816 | Third Party Advisory | |
| https://security.netapp.com/advisory/ntap-20220303-0006 | Third Party Advisory |
|
| URL | Date | SRC |
|---|---|---|
| https://www.ruby-lang.org/en/news/2021/11/24/buffer-overrun-in-cgi-escape_html-cve-2021-41816 | 2024-08-04 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Ruby-lang Search vendor "Ruby-lang" | Cgi Search vendor "Ruby-lang" for product "Cgi" | <= 0.2.0 Search vendor "Ruby-lang" for product "Cgi" and version " <= 0.2.0" | ruby |
Affected
| in | Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | >= 3.0.0 < 3.0.3 Search vendor "Ruby-lang" for product "Ruby" and version " >= 3.0.0 < 3.0.3" | - |
Safe
|
| Ruby-lang Search vendor "Ruby-lang" | Cgi Search vendor "Ruby-lang" for product "Cgi" | <= 0.1.0 Search vendor "Ruby-lang" for product "Cgi" and version " <= 0.1.0" | ruby |
Affected
| in | Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | >= 2.7.0 < 2.7.5 Search vendor "Ruby-lang" for product "Ruby" and version " >= 2.7.0 < 2.7.5" | - |
Safe
|
| Ruby-lang Search vendor "Ruby-lang" | Cgi Search vendor "Ruby-lang" for product "Cgi" | < 0.3.1 Search vendor "Ruby-lang" for product "Cgi" and version " < 0.3.1" | ruby |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 34 Search vendor "Fedoraproject" for product "Fedora" and version "34" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 35 Search vendor "Fedoraproject" for product "Fedora" and version "35" | - |
Affected
| ||||||