Bug 2026752 (CVE-2021-41816)
Summary: | CVE-2021-41816 ruby: buffer overflow in CGI.escape_html | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Guilherme de Almeida Suckevicz <gsuckevi> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | bdettelb, caswilli, hhorak, joe, jorton, jprokop, jwong, kaycoth, mo, mtasaka, pvalena, ruby-maint, ruby-packagers-sig, s, strzibny, vanmeeuwen+fedora, vmugicag, vondruch |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Doc Text: | A flaw was found in Ruby. This issue occurs due to improper bounds checking, resulting in a buffer overrun in CGI.escape_html. By sending an overly long string using the size_t parameter, a remote attacker could overflow a buffer and execute arbitrary code on the system. |
Last Closed: | 2022-11-29 14:58:03 UTC | Type: | --- |
Bug Depends On: | 2026753, 2026754, 2026755, 2026756, 2028506, 2028507, 2128626, 2128634 | ||
Bug Blocks: | 2026764 |
Description
Guilherme de Almeida Suckevicz
2021-11-25 18:05:35 UTC
Created ruby tracking bugs for this issue:
Affects: fedora-all [bug 2026754]

Created ruby:2.7/ruby tracking bugs for this issue:
Affects: fedora-all [bug 2026753]

Created ruby:3.0/ruby tracking bugs for this issue:
Affects: fedora-35 [bug 2026756]

Created ruby:master/ruby tracking bugs for this issue:
Affects: fedora-all [bug 2026755]

The buffer overflow present in this flaw is only exploitable under circumstances where the system long type is 4 bytes. This would be 32-bit UNIX systems or Windows. Due to this, RHEL 7 and above are unaffected by this flaw. RHSCL is affected due to potentially providing software to RHEL6 systems which can be 32-bit.

This issue has been addressed in the following products:
Red Hat Software Collections for Red Hat Enterprise Linux 7
Via RHSA-2022:6855 https://access.redhat.com/errata/RHSA-2022:6855

This issue has been addressed in the following products:
Red Hat Software Collections for Red Hat Enterprise Linux 7
Via RHSA-2022:6856 https://access.redhat.com/errata/RHSA-2022:6856

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):
https://access.redhat.com/security/cve/cve-2021-41816
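
Added example (not from this bug report and not Ruby's own source): a C model of why the 4-byte long condition in the comment above decides exposure. It assumes the output buffer is sized as input length times the worst-case escape expansion of 6 bytes (`&quot;`); the function names and the 800,000,000-byte sample length are constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Worst-case growth per input byte when HTML-escaping: '"' becomes "&quot;" (6 bytes). */
#define ESCAPE_MAX_LEN 6

/* Assumed model of the flawed sizing: len * 6 computed in a 4-byte long.
 * uint32_t is used so the wraparound is well defined in C. */
static uint32_t unchecked_size_long32(uint32_t len) {
    return len * (uint32_t)ESCAPE_MAX_LEN;
}

/* Hardened sizing: reject any length whose worst-case output cannot be
 * represented in a long whose maximum value is long_max. */
static bool checked_size(int64_t len, int64_t long_max, int64_t *out) {
    if (len < 0 || len > long_max / ESCAPE_MAX_LEN)
        return false;
    *out = len * ESCAPE_MAX_LEN;
    return true;
}

/* The platform condition named in the bug: is long 4 bytes in this build? */
static bool host_long_is_4_bytes(void) {
    return sizeof(long) == 4;
}

int main(void) {
    const int64_t len = 800000000; /* constructed sample input length, in bytes */
    int64_t need = 0;

    printf("sizeof(long) here: %zu (4-byte long: %s)\n",
           sizeof(long), host_long_is_4_bytes() ? "yes" : "no");
    printf("worst-case output needed: %lld bytes\n",
           (long long)(len * ESCAPE_MAX_LEN));
    printf("size computed in a 4-byte long: %u bytes\n",
           (unsigned)unchecked_size_long32((uint32_t)len));
    printf("guard with 4-byte long: %s\n",
           checked_size(len, INT32_MAX, &need) ? "accept" : "reject");
    printf("guard with 8-byte long: %s\n",
           checked_size(len, INT64_MAX, &need) ? "accept" : "reject");
    return 0;
}
```

With an 8-byte long the product fits and the guard accepts the length, which matches the statement that 64-bit RHEL builds are unaffected; with a 4-byte long the unchecked product wraps to a value far smaller than the bytes the escaped output can occupy.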