Out-of-bounds Read in Ruby JSON Parser
Published: March 12, 2025
SECURITY IDENTIFIERS
- CVE: CVE-2025-27788 (NVD)
- GHSA: GHSA-9m3q-rhmv-5q44
- Vendor Advisory: https://github.com/ruby/json/security/advisories/GHSA-9m3q-rhmv-5q44
GEM
SEVERITY
CVSS v3.x: 7.5 (High)
UNAFFECTED VERSIONS
< 2.10.0
PATCHED VERSIONS
>= 2.10.2
DESCRIPTION
Impact
A specially crafted document could cause an out-of-bounds read, most likely resulting in a crash.
Versions 2.10.0 and 2.10.1 are impacted. Older versions are not.
Patches
Version 2.10.2 fixes the problem.
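To check whether a project resolves to one of the impacted versions, the following added example (not part of the advisory or of the ruby/json project) scans the text of a Gemfile.lock. It assumes the gem is published under the name `json`; the helper names and the sample lockfile are constructed for illustration.

```ruby
require "rubygems"

# Impacted range as stated in the advisory: 2.10.0 and 2.10.1 (2.10.2 is patched).
AFFECTED = Gem::Requirement.new(">= 2.10.0", "< 2.10.2")

# A resolved spec line in a Gemfile.lock "specs:" block is indented by exactly
# four spaces, e.g. "    json (2.10.1)" or "    json (2.10.1-java)".
# Dependency lines ("      json (>= 2.0)") use six spaces and are skipped,
# as are other gems whose names merely end in "json" (e.g. multi_json).
SPEC_LINE = /\A {4}json \(([0-9][0-9A-Za-z.]*)(?:-[^)]+)?\)\s*\z/

# Returns every distinct resolved version of the json gem found in the lockfile text.
def json_versions(lockfile_text)
  lockfile_text.each_line.filter_map do |line|
    m = SPEC_LINE.match(line.chomp)
    Gem::Version.new(m[1]) if m
  end.uniq
end

# Classifies each resolved json version against the advisory's impacted range.
def audit(lockfile_text)
  json_versions(lockfile_text).map do |v|
    { version: v.to_s, status: AFFECTED.satisfied_by?(v) ? :affected : :not_affected }
  end
end

# Constructed sample lockfile (hypothetical project, not real data).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      json (2.10.1)
      multi_json (1.15.0)
      example_gem (1.0.0)
        json (>= 2.0)

  PLATFORMS
    ruby
LOCK

if __FILE__ == $0
  audit(SAMPLE_LOCK).each do |r|
    puts "json #{r[:version]}: #{r[:status]}"
  end
end
```

An `:affected` result means the lockfile should be updated so that it resolves to 2.10.2 or later.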
Workarounds
None.
