Out of Bound Read in Ruby JSON Library Version 2.10.0
CVE-2025-27788

7.5HIGH

Key Information:

Vendor: Ruby
Status: Json
Vendor: CVE Published:; 12 March 2025

🔔 Create Ruby Vulnerability Alert

What is CVE-2025-27788?

The Ruby JSON library, starting from version 2.10.0 and prior to version 2.10.2, is susceptible to an out-of-bounds read vulnerability due to a specially crafted document. This may lead to a crash of the application. Users are advised to update to version 2.10.2, which addresses this issue, as no known workarounds are available.

Affected Version(s)

json >= 2.10.0, < 2.10.2

References

https://github.com/ruby/json/security/advisories/GHSA-9m3...

x_refsource_CONFIRM

https://github.com/ruby/json/commit/c56db31f800d5d5083897...

x_refsource_MISC

https://github.com/ruby/json/releases/tag/v2.10.2

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 12, 2025
Vulnerability Reserved
Mar 6, 2025

.

CVE-2025-27788 : Out of Bound Read in Ruby JSON Library Version 2.10.0