PublicDateAtUSN: 2021-12-02 00:00:00 UTC
Candidate: CVE-2021-41816
PublicDate: 2022-02-06 21:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41816
 https://www.ruby-lang.org/en/news/2021/11/24/buffer-overrun-in-cgi-escape_html-cve-2021-41816/
 https://github.com/ruby/cgi/commit/c728632c1c09d46cfd4ecbff9caaa3651dd1002a
 https://ubuntu.com/security/notices/USN-5235-1
Description:
 CGI.escape_html in Ruby before 2.7.5 and 3.x before 3.0.3 has an integer
 overflow and resultant buffer overflow via a long string on platforms
 (such as Windows) where size_t and long have different numbers of bytes.
 This also affects the CGI gem before 0.3.1 for Ruby.
Ubuntu-Description:
Notes:
 leosilva> introduced by https://github.com/ruby/cgi/commit/3a62e20f76ea42ff0b4d45f2952479eab266ae1c
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to: leosilva
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]

Patches_ruby3.0:
upstream_ruby3.0: needs-triage
trusty_ruby3.0: ignored (out of standard support)
xenial_ruby3.0: ignored (out of standard support)
jammy_ruby3.0: released (3.0.2-7ubuntu2)
devel_ruby3.0: released (3.0.2-7ubuntu2)

Patches_ruby2.7:
upstream_ruby2.7: needs-triage
trusty_ruby2.7: ignored (out of standard support)
xenial_ruby2.7: ignored (out of standard support)
focal_ruby2.7: released (2.7.0-5ubuntu1.6)
hirsute_ruby2.7: released (2.7.2-4ubuntu1.3)
impish_ruby2.7: released (2.7.4-1ubuntu3.1)

Patches_ruby2.5:
upstream_ruby2.5: needs-triage
trusty_ruby2.5: ignored (out of standard support)
xenial_ruby2.5: ignored (out of standard support)
bionic_ruby2.5: not-affected

Patches_ruby2.3:
upstream_ruby2.3: needs-triage
esm-infra/xenial_ruby2.3: not-affected
trusty_ruby2.3: ignored (out of standard support)
xenial_ruby2.3: ignored (out of standard support)