CVE-2021-41816 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Medium
Remote	Yes
Type	Arbitrary code execution
Description	A security issue has been found in Ruby before versions 3.0.3 and 2.7.5. A buffer overrun vulnerability was discovered in the cgi gem before versions 0.3.1, 0.2.1 and 0.1.1 when you pass a very large string (> 700 MB) to CGI.escape_html on a platform where long type takes 4 bytes, typically, Windows.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-2582	ruby	3.0.2-2		Medium	Not affected

References
https://www.ruby-lang.org/en/news/2021/11/24/buffer-overrun-in-cgi-escape_html-cve-2021-41816/ https://www.ruby-lang.org/en/news/2021/11/24/ruby-3-0-3-released/ https://www.ruby-lang.org/en/news/2021/11/24/ruby-2-7-5-released/ https://hackerone.com/reports/1328463 https://github.com/ruby/cgi/commit/c728632c1c09d46cfd4ecbff9caaa3651dd1002a

References

https://www.ruby-lang.org/en/news/2021/11/24/buffer-overrun-in-cgi-escape_html-cve-2021-41816/
https://www.ruby-lang.org/en/news/2021/11/24/ruby-3-0-3-released/
https://www.ruby-lang.org/en/news/2021/11/24/ruby-2-7-5-released/
https://hackerone.com/reports/1328463
https://github.com/ruby/cgi/commit/c728632c1c09d46cfd4ecbff9caaa3651dd1002a