CVE-2021-41816
ruby: buffer overflow in CGI.escape_html
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
CGI.escape_html in Ruby before 2.7.5 and 3.x before 3.0.3 has an integer overflow and resultant buffer overflow via a long string on platforms (such as Windows) where size_t and long have different numbers of bytes. This also affects the CGI gem before 0.3.1 for Ruby.
El archivo CGI.escape_html en Ruby versiones anteriores a 2.7.5 y 3.x versiones anteriores a 3.0.3, presenta un desbordamiento de enteros y un desbordamiento de búfer resultante por medio de una cadena larga en plataformas (como Windows) donde size_t y long tienen diferentes números de bytes. Esto también afecta a CGI gem versiones anteriores a 0.3.1 para Ruby
A flaw was found in the ruby. This issue occurs due to improper bounds checking by a buffer overrun in CGI.escape_html. By sending an overly long string using the size_t parameter, a remote attacker could overflow a buffer and execute arbitrary code on the system.
It was discovered that Ruby incorrectly handled certain HTML files. An attacker could possibly use this issue to cause a crash. This issue only affected Ubuntu 20.04 LTS, Ubuntu 21.04, and Ubuntu 21.10. It was discovered that Ruby incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause a regular expression denial of service.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-09-29 CVE Reserved
- 2022-01-19 CVE Published
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- 2025-07-16 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
- CWE-190: Integer Overflow or Wraparound
CAPEC
References (8)
| URL | Tag | Source |
|---|---|---|
| https://security-tracker.debian.org/tracker/CVE-2021-41816 | Third Party Advisory | |
| https://security.netapp.com/advisory/ntap-20220303-0006 | Third Party Advisory |
|
| URL | Date | SRC |
|---|---|---|
| https://www.ruby-lang.org/en/news/2021/11/24/buffer-overrun-in-cgi-escape_html-cve-2021-41816 | 2024-08-04 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Ruby-lang Search vendor "Ruby-lang" | Cgi Search vendor "Ruby-lang" for product "Cgi" | <= 0.2.0 Search vendor "Ruby-lang" for product "Cgi" and version " <= 0.2.0" | ruby |
Affected
| in | Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | >= 3.0.0 < 3.0.3 Search vendor "Ruby-lang" for product "Ruby" and version " >= 3.0.0 < 3.0.3" | - |
Safe
|
| Ruby-lang Search vendor "Ruby-lang" | Cgi Search vendor "Ruby-lang" for product "Cgi" | <= 0.1.0 Search vendor "Ruby-lang" for product "Cgi" and version " <= 0.1.0" | ruby |
Affected
| in | Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | >= 2.7.0 < 2.7.5 Search vendor "Ruby-lang" for product "Ruby" and version " >= 2.7.0 < 2.7.5" | - |
Safe
|
| Ruby-lang Search vendor "Ruby-lang" | Cgi Search vendor "Ruby-lang" for product "Cgi" | < 0.3.1 Search vendor "Ruby-lang" for product "Cgi" and version " < 0.3.1" | ruby |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 34 Search vendor "Fedoraproject" for product "Fedora" and version "34" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 35 Search vendor "Fedoraproject" for product "Fedora" and version "35" | - |
Affected
| ||||||