CVE-2021-41816

Published: 24 Nov 2021
Source: redhat
CVSS3: 7.5
EPSS: Low

Description

CGI.escape_html in Ruby before 2.7.5 and 3.x before 3.0.3 has an integer overflow and resultant buffer overflow via a long string on platforms (such as Windows) where size_t and long have different numbers of bytes. This also affects the CGI gem before 0.3.1 for Ruby.

A flaw was found in Ruby. The issue is caused by improper bounds checking that leads to a buffer overrun in CGI.escape_html. By sending an overly long string using the size_t parameter, a remote attacker could overflow a buffer and execute arbitrary code on the system.

Affected packages

| Platform | Package | State | Advisory | Release |
| --- | --- | --- | --- | --- |
| Red Hat Enterprise Linux 6 | ruby | Not affected | | |
| Red Hat Enterprise Linux 7 | ruby | Not affected | | |
| Red Hat Enterprise Linux 8 | ruby:2.5/ruby | Not affected | | |
| Red Hat Enterprise Linux 8 | ruby:2.6/ruby | Not affected | | |
| Red Hat Enterprise Linux 8 | ruby:2.7/ruby | Not affected | | |
| Red Hat Enterprise Linux 8 | ruby:3.0/ruby | Not affected | | |
| Red Hat Enterprise Linux 9 | ruby | Not affected | | |
| Red Hat Software Collections | rh-ruby26-ruby | Not affected | | |
| Red Hat Software Collections for Red Hat Enterprise Linux 7 | rh-ruby30-ruby | Fixed | RHSA-2022:6855 | 11.10.2022 |
| Red Hat Software Collections for Red Hat Enterprise Linux 7 | rh-ruby27-ruby | Fixed | RHSA-2022:6856 | 11.10.2022 |

Additional information

Status: Moderate
Defect: CWE-119
https://bugzilla.redhat.com/show_bug.cgi?id=2026752 (ruby: buffer overflow in CGI.escape_html)

EPSS: 0.01308 (Low), percentile: 79%

CVSS3: 7.5 High

Related vulnerabilities

CVSS3: 9.8
ubuntu
more than 3 years ago

CGI.escape_html in Ruby before 2.7.5 and 3.x before 3.0.3 has an integer overflow and resultant buffer overflow via a long string on platforms (such as Windows) where size_t and long have different numbers of bytes. This also affects the CGI gem before 0.3.1 for Ruby.

CVSS3: 9.8
nvd
more than 3 years ago

CGI.escape_html in Ruby before 2.7.5 and 3.x before 3.0.3 has an integer overflow and resultant buffer overflow via a long string on platforms (such as Windows) where size_t and long have different numbers of bytes. This also affects the CGI gem before 0.3.1 for Ruby.

CVSS3: 9.8
debian
more than 3 years ago

CGI.escape_html in Ruby before 2.7.5 and 3.x before 3.0.3 has an integ ...

CVSS3: 9.8
github
more than 3 years ago

Buffer overrun in CGI.escape_html

CVSS3: 9.8
fstec
more than 3 years ago

A vulnerability in the cgi gem software caused by an operation going beyond the bounds of a memory buffer, allowing an attacker to execute arbitrary code on the target system
