Miggo Logo

CVE-2025-27788: Out-of-bounds Read in Ruby JSON Parser

7.5

CVSS Score
3.1

Basic Information

EPSS Score
0.30098%
Published
3/12/2025
Updated
3/13/2025
KEV Status
No
Technology
TechnologyRuby

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Package NameEcosystemVulnerable VersionsFirst Patched Version
jsonrubygems>= 2.10.0, <= 2.10.12.10.2

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The commit diff shows a critical boundary check addition in json_string_unescape function. The original code used 'while ((pe = memchr(...)))' without validating 'pe' stays within 'stringEnd'. The patch adds 'pe < stringEnd' check to prevent OOB read. This matches the CWE-125 description and advisory's focus on unescape handling. No other code changes were made in the security-relevant commit.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

### Imp**t * sp**i*lly *r**t** *o*um*nt *oul* **us* *n out o* *oun* r***, most lik*ly r*sultin* in * *r*s*. V*rsions *.**.* *n* *.**.* *r* imp**t**. Ol**r v*rsions *r* not. ### P*t***s V*rsion *.**.* *ix*s t** pro*l*m. ### Work*roun*s Non*.

Reasoning

T** *ommit *i** s*ows * *riti**l *oun**ry ****k ***ition in json_strin*_un*s**p* *un*tion. T** ori*in*l *o** us** 'w*il* ((p* = m*m**r(...)))' wit*out v*li**tin* 'p*' st*ys wit*in 'strin**n*'. T** p*t** ***s 'p* < strin**n*' ****k to pr*v*nt OO* r***