Skip to content

Commit 1bc02ab

Browse files
authored
Merge pull request #1154 from jasnow/more-advs-260704
GHSA/SYNC: 1 new json advisory @simi - Thanks for reviewing my PR.
2 parents d3a4008 + 88fab88 commit 1bc02ab

1 file changed

Lines changed: 36 additions & 0 deletions

File tree

gems/json/CVE-2026-54696.yml

Lines changed: 36 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,36 @@
1+
---
2+
gem: json
3+
cve: 2026-54696
4+
ghsa: x2f5-4prf-w687
5+
url: https://nvd.nist.gov/vuln/detail/CVE-2026-54696
6+
title: JSON generator heap buffer overflow when streaming to an IO
7+
date: 2026-06-30
8+
description: |
9+
Ruby JSON is a JSON implementation for Ruby. Versions 2.9.0 through
10+
2.19.8 are vulnerable to heap buffer overflow when the JSON generator
11+
is provided with an oversized streamed object.
12+
13+
When streaming to an IO JSON.dump(obj, io) and JSON::State#generate(obj, io)
14+
can write past the internal JSON generator buffer when a streamed
15+
object contains an attacker-controlled string near 16 KB. Exploitation
16+
would result in a reliable process crash/denial of service.
17+
18+
This was triaged on HackerOne as report #3785370.
19+
The issue was confirmed there and I was asked to open it here.
20+
21+
This issue has been fixed in version 2.19.9.
22+
cvss_v3: 3.7
23+
unaffected_versions:
24+
- "< 2.9.0"
25+
patched_versions:
26+
- ">= 2.19.9"
27+
related:
28+
url:
29+
- https://nvd.nist.gov/vuln/detail/CVE-2026-54696
30+
- https://rubygems.org/gems/json/versions/2.19.9
31+
- https://github.com/ruby/json/releases/tag/v2.19.9
32+
- https://github.com/ruby/json/blob/master/CHANGES.md#2026-06-11-2199
33+
- https://hackerone.com/reports/3785370
34+
- https://github.com/ruby/json/security/advisories/GHSA-x2f5-4prf-w687
35+
notes: |
36+
- Got 2.19.9 and date from nvd.nist.gov web site.

0 commit comments

Comments
 (0)