FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

rubygem-cgi -- buffer overrun in CGI.escape_html

Affected packages
2.7.0,1 <= ruby < 2.7.5,1
3.0.0,1 <= ruby < 3.0.3,1
2.7.0,1 <= ruby27 < 2.7.5,1
3.0.0,1 <= ruby30 < 3.0.3,1
rubygem-cgi < 0.3.1

Details

VuXML ID 2c6af5c3-4d36-11ec-a539-0800270512f4
Discovery 2021-11-24
Entry 2021-11-24

chamal reports:

A security vulnerability that causes a buffer overflow when you pass a very large string (> 700 MB) to CGI.escape_html on a platform where the long type takes 4 bytes, typically Windows.

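The arithmetic behind the "> 700 MB on a 4-byte long" condition, as an added example that is not part of the advisory and not code from Ruby's own cgi extension. It assumes the escaper sizes its scratch buffer as input bytes times 6 (the widest replacement CGI.escapeHTML emits is `&quot;`, six bytes) and that this product is truncated to 32 bits where `long` is 4 bytes; the exact C expression in Ruby's ext/cgi/escape is not reproduced. It also checks a version string against the fixed releases the advisory lists (upstream numbers, without the FreeBSD port epoch suffix).

```ruby
# Added example, not code from the FreeBSD advisory or from Ruby's cgi
# extension. Assumption: buffer size = input_bytes * 6, truncated to 32 bits
# on a platform whose long is 4 bytes.

require 'rubygems'     # Gem::Version
require 'cgi/escape'   # C extension behind CGI.escapeHTML (CGI.escape_html is its alias)

MAX_EXPANSION = 6                 # '"' -> "&quot;" is the longest replacement
MASK32        = (1 << 32) - 1     # what survives in a 4-byte long

# Bytes the escaper really writes in the worst case (every byte is a '"'),
# computed in Ruby's arbitrary-precision integers.
def needed_bytes(input_bytes)
  input_bytes * MAX_EXPANSION
end

# The same product as a 32-bit long would hold it.
def buffer_bytes_on_ilp32(input_bytes)
  needed_bytes(input_bytes) & MASK32
end

# True when the truncated size is smaller than what gets written, i.e. the
# buffer is undersized and the escape loop runs past its end.
def overruns?(input_bytes)
  buffer_bytes_on_ilp32(input_bytes) < needed_bytes(input_bytes)
end

# Smallest input for which input*6 no longer fits in 32 bits: ceil(2**32 / 6).
def smallest_overrunning_input
  ((1 << 32) + MAX_EXPANSION - 1) / MAX_EXPANSION
end

# Confirm the expansion factor against the real library on a small input
# (do not feed it the multi-hundred-megabyte string from the advisory).
def measured_expansion(sample = '"' * 16)
  CGI.escapeHTML(sample).bytesize / sample.bytesize
end

# Version checks mirroring the advisory's affected ranges.
def cgi_gem_affected?(version)
  Gem::Version.new(version) < Gem::Version.new('0.3.1')
end

def ruby_affected?(version)
  v = Gem::Version.new(version)
  (v >= Gem::Version.new('2.7.0') && v < Gem::Version.new('2.7.5')) ||
    (v >= Gem::Version.new('3.0.0') && v < Gem::Version.new('3.0.3'))
end

if __FILE__ == $PROGRAM_NAME
  n = 700 * 1024 * 1024   # 700 MiB of '"', the advisory's ballpark
  puts "input #{n} bytes needs #{needed_bytes(n)} bytes; a 32-bit long sees #{buffer_bytes_on_ilp32(n)}"
  puts "overrun? #{overruns?(n)}  (threshold #{smallest_overrunning_input} bytes)"
  puts "this interpreter: ruby #{RUBY_VERSION}, affected=#{ruby_affected?(RUBY_VERSION)}"
end
```

Under this model 700 MiB of `"` needs 4,404,019,200 output bytes, but the truncated product is 109,051,904 (104 MiB), so the write runs past the buffer; the exact threshold is 715,827,883 input bytes, which is the advisory's "> 700 MB". Inputs below that keep the product within 32 bits and stay safe, which is why ordinary request sizes never trigger it.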
References

CVE Name CVE-2021-41816
URL https://www.ruby-lang.org/en/news/2021/11/24/buffer-overrun-in-cgi-escape_html-cve-2021-41816/