CGI.escapehtml in Ruby before 2.7.5 and 3.x before 3.0.3 has an integer overflow and resultant buffer overflow via a long string on platforms (such as Windows) where sizet and long have different numbers of bytes. This also affects the CGI gem before 0.3.1 for Ruby.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "ruby2.7-doc": "2.7.0-5ubuntu1.6", "ruby2.7-dbgsym": "2.7.0-5ubuntu1.6", "ruby2.7": "2.7.0-5ubuntu1.6", "libruby2.7": "2.7.0-5ubuntu1.6", "libruby2.7-dbgsym": "2.7.0-5ubuntu1.6", "ruby2.7-dev": "2.7.0-5ubuntu1.6" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "ruby3.0-dev": "3.0.2-7ubuntu2", "ruby3.0": "3.0.2-7ubuntu2", "ruby3.0-doc": "3.0.2-7ubuntu2", "libruby3.0": "3.0.2-7ubuntu2", "libruby3.0-dbgsym": "3.0.2-7ubuntu2", "ruby3.0-dbgsym": "3.0.2-7ubuntu2" } ] }