ALPINE-CVE-2021-41816

ALPINE-CVE-2021-41816 PUBLISHED CVSS 9.800000190734863 CRITICAL

CGI.escape_html in Ruby before 2.7.5 and 3.x before 3.0.3 has an integer overflow and resultant buffer overflow via a long string on platforms (such as Windows) where size_t and long have different numbers of bytes. This also affects the CGI gem before 0.3.1 for Ruby.

Risk Scores

CVSS v3.1

9.800000190734863

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products

Vendor	Product	Versions
Alpine:v3.15	ruby	1.8.7, 1.8.7, 0
Alpine:v3.17	ruby	*, 3.0.2-r0, 2.7.4-r2
Alpine:v3.19	ruby	3.0.2-r0, 2.0.0_p353-r2, 2.0.0_p481-r0
Alpine:v3.12	ruby	2.7.4-r0, 2.7.3-r0, 2.7.2-r1
Alpine:v3.13	ruby	2.2.4-r0, 1.8.7_p160-r2, 1.8.7_p160-r3
Alpine:v3.21	ruby	0, 0, 0
Alpine:v3.14	ruby	2.6.5-r0, 2.6.5-r2, 2.6.6-r2
Alpine:v3.20	ruby	0, 0, 0
Alpine:v3.18	ruby	*, 2.0.0, 2.0.0
Alpine:v3.22	ruby	0, 0, 0
Alpine:v3.16	ruby	2.4.1-r2, 2.4.1-r3, 2.4.1-r4
Alpine:v3.23	ruby	0, 0, 0

Timeline

Feb 6, 2022 CVE Published
Dec 3, 2025 CVE Updated
Apr 30, 2026 Distribution Patch

References

https://security.alpinelinux.org/vuln/CVE-2021-41816 advisory

Open in Interactive Console →