CVE-2021-41816

CVSS v3.1 9.8 (Critical)

CVSS v2.0 7.5 (High)

EPSS 1.25 % (86^th)

Affected Products 3

Advisories 8

CGI.escape_html in Ruby before 2.7.5 and 3.x before 3.0.3 has an integer overflow and resultant buffer overflow via a long string on platforms (such as Windows) where size_t and long have different numbers of bytes. This also affects the CGI gem before 0.3.1 for Ruby.

Weaknesses

CWE-190: Integer Overflow or Wraparound

CVE Status: PUBLISHED
CNA: MITRE
Published Date: 2022-02-06 21:15:07
(2 years ago)
Updated Date: 2024-01-24 05:15:11
(7 months ago)

Affected Products

Fedoraproject

Fedora

Ruby-lang

Cgi
Ruby

Configuration #1

		CPE23	From	Up To
	Ruby-lang Cgi for Ruby prior 0.3.1 version	cpe:2.3:a:ruby-lang:cgi::::::ruby		< 0.3.1

Configuration #2

AND

		CPE23	From	Up To
OR
	Ruby-lang Ruby from 3.0.0 version and prior 3.0.3 version	cpe:2.3:a:ruby-lang:ruby	>= 3.0.0	< 3.0.3
OR
	Running on/with
	Ruby-lang Cgi for Ruby 0.2.0 and prior versions	cpe:2.3:a:ruby-lang:cgi::::::ruby		<= 0.2.0

Configuration #3

AND

		CPE23	From	Up To
OR
	Ruby-lang Ruby from 2.7.0 version and prior 2.7.5 version	cpe:2.3:a:ruby-lang:ruby	>= 2.7.0	< 2.7.5
OR
	Running on/with
	Ruby-lang Cgi for Ruby 0.1.0 and prior versions	cpe:2.3:a:ruby-lang:cgi::::::ruby		<= 0.1.0

Configuration #4

		CPE23	From	Up To
	Fedoraproject Fedora 34	cpe:2.3:o:fedoraproject:fedora:34
	Fedoraproject Fedora 35	cpe:2.3:o:fedoraproject:fedora:35