Skip to content

Commit 932023f

Browse files
jasnowRubySec CI
authored andcommitted
Updated advisory posts against rubysec/ruby-advisory-db@1bc02ab
1 parent 5f69d26 commit 932023f

1 file changed

Lines changed: 43 additions & 0 deletions

File tree

Lines changed: 43 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,43 @@
1+
---
2+
layout: advisory
3+
title: 'CVE-2026-54696 (json): JSON generator heap buffer overflow when streaming
4+
to an IO'
5+
comments: false
6+
categories:
7+
- json
8+
advisory:
9+
gem: json
10+
cve: 2026-54696
11+
ghsa: x2f5-4prf-w687
12+
url: https://nvd.nist.gov/vuln/detail/CVE-2026-54696
13+
title: JSON generator heap buffer overflow when streaming to an IO
14+
date: 2026-06-30
15+
description: |-
16+
Ruby JSON is a JSON implementation for Ruby. Versions 2.9.0 through
17+
2.19.8 are vulnerable to heap buffer overflow when the JSON generator
18+
is provided with an oversized streamed object.
19+
20+
When streaming to an IO JSON.dump(obj, io) and JSON::State#generate(obj, io)
21+
can write past the internal JSON generator buffer when a streamed
22+
object contains an attacker-controlled string near 16 KB. Exploitation
23+
would result in a reliable process crash/denial of service.
24+
25+
This was triaged on HackerOne as report #3785370.
26+
The issue was confirmed there and I was asked to open it here.
27+
28+
This issue has been fixed in version 2.19.9.
29+
cvss_v3: 3.7
30+
unaffected_versions:
31+
- "< 2.9.0"
32+
patched_versions:
33+
- ">= 2.19.9"
34+
related:
35+
url:
36+
- https://nvd.nist.gov/vuln/detail/CVE-2026-54696
37+
- https://rubygems.org/gems/json/versions/2.19.9
38+
- https://github.com/ruby/json/releases/tag/v2.19.9
39+
- https://github.com/ruby/json/blob/master/CHANGES.md#2026-06-11-2199
40+
- https://hackerone.com/reports/3785370
41+
- https://github.com/ruby/json/security/advisories/GHSA-x2f5-4prf-w687
42+
notes: "- Got 2.19.9 and date from nvd.nist.gov web site.\n"
43+
---

0 commit comments

Comments
 (0)