CVE-2021-41816: Buffer Overrun in CGI.escape_html

47 views

Skip to first unread message

an...@arko.net

unread,

Nov 24, 2021, 8:23:53 AM11/24/21

to ruby-sec...@googlegroups.com

A buffer overrun vulnerability was discovered in CGI.escape_html. This vulnerability has been assigned the CVE identifier CVE-2021-41816. We strongly recommend upgrading Ruby.

Details

A security vulnerability that causes buffer overflow when you pass a very large string (> 700 MB) to CGI.escape_html on a platform where long type takes 4 bytes, typically, Windows.

Please update the cgi gem to version 0.3.1, 0.2,1, and 0.1,1 or later. You can use gem update cgi to update it. If you are using bundler, please add gem "cgi", ">= 0.3.1" to your Gemfile. Alternatively, please update Ruby to 2.7.5 or 3.0.3.

This issue has been introduced since Ruby 2.7, so the cgi version bundled with Ruby 2.6 is not vulnerable.

Affected versions

cgi gem 0.1.0 or prior (which are bundled versions with Ruby 2.7 series)
cgi gem 0.2.0 or prior (which are bundled versions with Ruby 3.0 series)
cgi gem 0.3.0 or prior

Credits

Thanks to chamal for discovering this issue.

History

Originally published at 2021-11-24 12:00:00 (UTC)

Posted by mame on 24 Nov 2021

https://www.ruby-lang.org/en/news/2021/11/24/buffer-overrun-in-cgi-escape_html-cve-2021-41816/

Reply all

Reply to author

Forward

0 new messages