File tree Expand file tree Collapse file tree
Expand file tree Collapse file tree Original file line number Diff line number Diff line change 1+ ---
2+ gem : json
3+ cve : 2026-54696
4+ ghsa : x2f5-4prf-w687
5+ url : https://nvd.nist.gov/vuln/detail/CVE-2026-54696
6+ title : JSON generator heap buffer overflow when streaming to an IO
7+ date : 2026-06-30
8+ description : |
9+ Ruby JSON is a JSON implementation for Ruby. Versions 2.9.0 through
10+ 2.19.8 are vulnerable to heap buffer overflow when the JSON generator
11+ is provided with an oversized streamed object.
12+
13+ When streaming to an IO JSON.dump(obj, io) and JSON::State#generate(obj, io)
14+ can write past the internal JSON generator buffer when a streamed
15+ object contains an attacker-controlled string near 16 KB. Exploitation
16+ would result in a reliable process crash/denial of service.
17+
18+ This was triaged on HackerOne as report #3785370.
19+ The issue was confirmed there and I was asked to open it here.
20+
21+ This issue has been fixed in version 2.19.9.
22+ cvss_v3 : 3.7
23+ unaffected_versions :
24+ - " < 2.9.0"
25+ patched_versions :
26+ - " >= 2.19.9"
27+ related :
28+ url :
29+ - https://nvd.nist.gov/vuln/detail/CVE-2026-54696
30+ - https://rubygems.org/gems/json/versions/2.19.9
31+ - https://github.com/ruby/json/releases/tag/v2.19.9
32+ - https://github.com/ruby/json/blob/master/CHANGES.md#2026-06-11-2199
33+ - https://hackerone.com/reports/3785370
34+ - https://github.com/ruby/json/security/advisories/GHSA-x2f5-4prf-w687
35+ notes : |
36+ - Got 2.19.9 and date from nvd.nist.gov web site.
You can’t perform that action at this time.
0 commit comments