High severityNVD Advisory· Published Mar 12, 2025· Updated Mar 12, 2025
Ruby JSON Parser has Out-of-bounds Read
CVE-2025-27788
Description
JSON is a JSON implementation for Ruby. Starting in version 2.10.0 and prior to version 2.10.2, a specially crafted document could cause an out of bound read, most likely resulting in a crash. Versions prior to 2.10.0 are not vulnerable. Version 2.10.2 fixes the problem. No known workarounds are available.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
jsonRubyGems | >= 2.10.0, < 2.10.2 | 2.10.2 |
Affected products
16- osv-coords15 versionspkg:apk/chainguard/ruby3.1-fluentd-kubernetes-daemonset-1.16pkg:apk/chainguard/ruby3.1-fluentd-kubernetes-daemonset-1.16-kinesispkg:apk/chainguard/ruby3.2-fluentd-kubernetes-daemonset-1.16pkg:apk/chainguard/ruby3.2-fluentd-kubernetes-daemonset-1.16-kinesispkg:apk/chainguard/ruby3.2-jsonpkg:apk/chainguard/ruby3.3-fluentd-kubernetes-daemonset-1.16pkg:apk/chainguard/ruby3.3-fluentd-kubernetes-daemonset-1.16-kinesispkg:apk/chainguard/ruby3.3-jsonpkg:apk/chainguard/ruby3.4-fluentd-kubernetes-daemonset-1.16pkg:apk/chainguard/ruby3.4-fluentd-kubernetes-daemonset-1.16-kinesispkg:apk/chainguard/ruby3.4-jsonpkg:apk/wolfi/ruby3.2-jsonpkg:apk/wolfi/ruby3.3-jsonpkg:apk/wolfi/ruby3.4-jsonpkg:gem/json
< 1.16.7.1.1-r1+ 14 more
- (no CPE)range: < 1.16.7.1.1-r1
- (no CPE)range: < 1.16.7.1.1-r1
- (no CPE)range: < 1.16.7.1.1-r1
- (no CPE)range: < 1.16.7.1.1-r1
- (no CPE)range: < 2.10.2-r0
- (no CPE)range: < 1.16.7.1.1-r1
- (no CPE)range: < 1.16.7.1.1-r1
- (no CPE)range: < 2.10.2-r0
- (no CPE)range: < 1.16.8.1.0-r0
- (no CPE)range: < 1.16.8.1.0-r0
- (no CPE)range: < 2.10.2-r0
- (no CPE)range: < 2.10.2-r0
- (no CPE)range: < 2.10.2-r0
- (no CPE)range: < 2.10.2-r0
- (no CPE)range: >= 2.10.0, < 2.10.2
- ruby/jsonv5Range: >= 2.10.0, < 2.10.2
Patches
Vulnerability mechanics
References
6- github.com/advisories/GHSA-9m3q-rhmv-5q44ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2025-27788ghsaADVISORY
- github.com/ruby/json/commit/c56db31f800d5d508389793e69682f99749dbadfghsax_refsource_MISCWEB
- github.com/ruby/json/releases/tag/v2.10.2ghsax_refsource_MISCWEB
- github.com/ruby/json/security/advisories/GHSA-9m3q-rhmv-5q44ghsax_refsource_CONFIRMWEB
- github.com/rubysec/ruby-advisory-db/blob/master/gems/json/CVE-2025-27788.ymlghsaWEB
News mentions
0No linked articles in our index yet.