Intel

AIKIDO-2026-208997

json is vulnerable to Out-of-bounds Read

Out-of-bounds Read Pre-CVE
Found by Aikido Intel before public disclosure or CVE publication.
Published 3 days ago

53

Medium Risk

This Affects:

RUBYjson
2.10.0 - 2.19.7
Fixed in 2.19.8
Are you affected? Scan for Free

TL;DR

The native C parser in json does not clamp its read cursor to the end of the input buffer while scanning a string that ends with an unterminated escape sequence. When the parser then builds the end-of-input parse error, it reads one byte past the end of the buffer. Passing crafted, truncated JSON to JSON.parse triggers this out-of-bounds read, which can crash the process. The fix clamps the cursor to the buffer end in the string scanner and when computing the error position.

Who does this affect?

You are affected if you are using a version that falls within the vulnerable range.

Background info

json is vulnerable to Out-of-bounds Read in versions 2.10.0 - 2.19.7.

How to fix this

Upgrade the json library to the patch version.