CVE-2021-41816

🗓️ 02 Dec 2021 00:00:00Reported by ubuntu.comType

CGI.escape_html integer overflow & buffer overflow via long string in Ruby before 2.7.5 & 3.x before 3.0.3. Also affects CGI gem before 0.3.

Reporter	Title	Published	Views	Family All 79
FreeBSD	rubygem-cgi -- buffer overrun in CGI.escape_html	24 Nov 202100:00	–	freebsd
IBM Security Bulletins	Security Bulletin: Netcool Operations Insight v1.6.8 addresses multiple security vulnerabilities.	11 Apr 202311:47	–	ibm
ATTACKERKB	CVE-2021-41816	6 Feb 202221:15	–	attackerkb
Tenable Nessus	Amazon Linux 2 : ruby (ALASRUBY3.0-2023-003)	27 Sep 202300:00	–	nessus
Tenable Nessus	Debian DSA-5067-1 : ruby2.7 - security update	4 Feb 202200:00	–	nessus
Tenable Nessus	GLSA-202401-27 : Ruby: Multiple vulnerabilities	24 Jan 202400:00	–	nessus
Tenable Nessus	MiracleLinux 7 : rh-ruby27-ruby-2.7.6-131.el7 (AXSA:2022-3889:01)	20 Jan 202600:00	–	nessus
Tenable Nessus	MiracleLinux 7 : rh-ruby30-ruby-3.0.4-149.el7 (AXSA:2022-3890:01)	20 Jan 202600:00	–	nessus
Tenable Nessus	RHEL 7 : rh-ruby30-ruby (RHSA-2022:6855)	11 Oct 202200:00	–	nessus
Tenable Nessus	RHEL 7 : rh-ruby27-ruby (RHSA-2022:6856)	11 Oct 202200:00	–	nessus

OS	OS Version	Architecture	Package	Package Version	Filename
Ubuntu	20.04	any	ruby2.7	2.7.0-5ubuntu1.6	ruby2.7_2.7.0-5ubuntu1.6_any.deb
Ubuntu	21.04	any	ruby2.7	2.7.2-4ubuntu1.3	ruby2.7_2.7.2-4ubuntu1.3_any.deb
Ubuntu	21.10	any	ruby2.7	2.7.4-1ubuntu3.1	ruby2.7_2.7.4-1ubuntu3.1_any.deb
Ubuntu	22.04	any	ruby3.0	3.0.2-7ubuntu2	ruby3.0_3.0.2-7ubuntu2_any.deb

Source	Link
ruby-lang	www.ruby-lang.org/en/news/2021/11/24/buffer-overrun-in-cgi-escape_html-cve-2021-41816/
github	www.github.com/ruby/cgi/commit/c728632c1c09d46cfd4ecbff9caaa3651dd1002a
ubuntu	www.ubuntu.com/security/notices/USN-5235-1
cve	www.cve.org/CVERecord

25 Aug 2025 23:41Current

7High risk

Vulners AI Score7

CVSS 27.5

CVSS 3.19.8

EPSS0.04766