CVE-2026-54592
The CVE-2026-54592 vulnerability affects Oj (Optimized JSON), a Ruby gem JSON parser/marshaller. In versions prior to 3.17.3, Oj::Doc#each_child can overflow a fixed-size stack buffer when recursively traversing deeply nested JSON, causing a DoS. The issue arises from a two-step chain in ext/oj/f...
CVE-2026-54500 Oj: intern.c form_attr has an uninitialized stack read
Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.3, Oj.load in :object mode reads uninitialized stack memory and, for long keys, reads out of bounds when parsing a JSON object whose key is 254 bytes or longer. The interned bytes can surfac...
Integer Overflow or Wraparound
Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound via the buf_append_string function. An attacker can cause heap corruption and process crashes by supplying a specially crafted JSON string larger than 2 GB, which triggers an integer overflow and results in...
Use After Free
Overview Affected versions of this package are vulnerable to Use After Free in the Oj::Parser when operating in SAJ mode with object keys of 35 bytes or longer. An attacker can cause a segmentation fault by triggering garbage collection within a callback, leading to use of a freed memory pointer...
Use After Free
Overview Affected versions of this package are vulnerable to Use After Free in the parse function. An attacker can cause memory corruption by mutating the input JSON string during parsing callbacks, which leads to the parser accessing freed memory. Remediation Upgrade oj to version 3.17.3 or...
Heap-based Buffer Overflow
Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow in the fill_indent function when serializing Exception objects with a large indentation value. An attacker can corrupt adjacent heap memory and potentially execute arbitrary code or cause a crash by supplying...
Out-of-bounds Write
Overview Affected versions of this package are vulnerable to Out-of-bounds Write through recursive calls to the each_child function when processing deeply nested input. An attacker can cause the process to crash and trigger a denial of service by supplying a specially crafted, deeply nested JSON...
Use of Uninitialized Resource
Overview Affected versions of this package are vulnerable to Use of Uninitialized Resource in the form_attr function when parsing a JSON object with a key of 254 bytes or longer using Oj.load in :object mode. An attacker can obtain sensitive stack memory contents by supplying a crafted JSON payloa...
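The Oj entries above tie several of the bugs to properties of the raw input that an attacker controls: nesting depth (the each_child stack overflow), object-key length (the form_attr read at 254 bytes or longer), and total size (the buf_append_string overflow above 2 GB). The following pure-Ruby pre-filter is an added example, not code from any listed advisory or from the Oj project; it scans the raw text once and rejects input that crosses those thresholds before Oj.load or Oj::Doc ever sees it. The limit values and the UnsafeJson class are assumptions chosen for illustration, and the filter is a stop-gap for fleets that cannot upgrade immediately; the fix the advisories call for is Oj 3.17.3 or later.

```ruby
# Added example (not Oj project code): structural pre-checks on untrusted JSON
# text, run before it is handed to Oj. Deliberately does not require 'oj', so
# it can sit in front of whichever parser mode the application uses.

class UnsafeJson < StandardError; end

MAX_DEPTH     = 128      # assumed limit; tune to the document shapes you accept
MAX_KEY_BYTES = 253      # advisory threshold for form_attr is 254 bytes
MAX_TOTAL     = 1 << 30  # 1 GiB, well below the 2 GB buf_append_string overflow

# Scans the raw bytes once, tracking bracket depth outside strings and the byte
# length of every string token. A string token counts as an object key when the
# next non-whitespace byte after its closing quote is ':'. Returns the maximum
# nesting depth seen; raises UnsafeJson on any violation or on unbalanced input.
def json_guard(text, max_depth: MAX_DEPTH, max_key_bytes: MAX_KEY_BYTES, max_total: MAX_TOTAL)
  raise UnsafeJson, "payload of #{text.bytesize} bytes exceeds #{max_total}" if text.bytesize > max_total
  bytes = text.b            # binary copy so lengths are bytes, not characters
  n = bytes.bytesize
  depth = 0
  max_seen = 0
  i = 0
  while i < n
    c = bytes.getbyte(i)
    case c
    when 0x7B, 0x5B          # '{' or '['
      depth += 1
      max_seen = depth if depth > max_seen
      raise UnsafeJson, "nesting depth #{depth} exceeds #{max_depth}" if depth > max_depth
      i += 1
    when 0x7D, 0x5D          # '}' or ']'
      raise UnsafeJson, "unbalanced closing bracket at byte #{i}" if depth.zero?
      depth -= 1
      i += 1
    when 0x22                # '"': consume the whole string token, honouring escapes
      start = i + 1
      j = start
      while j < n && bytes.getbyte(j) != 0x22
        j += (bytes.getbyte(j) == 0x5C ? 2 : 1)   # a backslash escapes the next byte
      end
      raise UnsafeJson, "unterminated string starting at byte #{i}" if j >= n
      len = j - start
      # Look past whitespace for ':' to decide whether this string is an object key.
      k = j + 1
      k += 1 while k < n && [0x20, 0x09, 0x0A, 0x0D].include?(bytes.getbyte(k))
      if k < n && bytes.getbyte(k) == 0x3A && len > max_key_bytes
        raise UnsafeJson, "object key of #{len} bytes exceeds #{max_key_bytes}"
      end
      i = j + 1
    else
      i += 1
    end
  end
  raise UnsafeJson, "unbalanced brackets: #{depth} still open" unless depth.zero?
  max_seen
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample inputs, not taken from any advisory.
  puts json_guard('{"a":[1,{"b":"x"}]}')           # 3
  begin
    json_guard("[" * 200 + "]" * 200)              # too deep for the default limit
  rescue UnsafeJson => e
    puts "rejected: #{e.message}"
  end
end
```

Because the guard works on bytes and skips over string contents, braces or colons inside string values do not affect the depth count. It is a coarse filter: it does not validate JSON grammar and will not catch the use-after-free entries above, which depend on what application callbacks do (triggering GC or mutating the input string) rather than on the input's shape; for those, pass parsers a frozen copy of the input and avoid allocating heavily inside SAJ callbacks until the upgrade is deployed.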
Important: Red Hat Security Advisory: Red Hat Quay 3.17.3
Red Hat Quay 3.17.3 is now available with bug fixes. Quay 3.17.3...
WordPress GSpeech TTS – WordPress Text To Speech Plugin plugin <= 3.17.13 - Authenticated (Admin+) SQL injection vulnerability
Authenticated Admin+ SQL injection vulnerability discovered by Moose Love in WordPress Plugin GSpeech TTS versions = 3.17.3...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-414605)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-414605 advisory. Improper input validation in the Intel(R) Ethernet ixgbe driver for Linux before version 3.17.3 may allow an authenticated user to potentially enable denial of service...
EUVD-2025-10671
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2025-32387
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Helm is a package manager for Charts for Kubernetes. A JSON Schema file within a chart can be crafted with a deeply nested chain of references, leading to parse...
SUSE SLES15 Security Update : helm (SUSE-SU-2025:01596-2)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:01596-2 advisory. helm was updated to version 3.17.3: Helm v3.17.3 is a security patch release. Users are strongly recommended to update to this release...
Security update for helm
This update for helm fixes the following issues: helm was updated to version 3.17.3: Helm v3.17.3 is a security patch release. Users are strongly recommended to update to this release. Changelog Unarchiving fix e4da497 Matt Farina Patch Instructions: To install this SUSE update use the SUSE...
PT-2025-26575 · Suse · Helm
This update for helm fixes the following issues: helm was updated to version 3.17.3: Helm v3.17.3 is a security patch release. Users are strongly recommended to update to this release. Changelog - Unarchiving fix e4da497 Matt Farina...
SUSE SLES15: helm / helm-bash-completion / helm-fish-completion / etc (SUSE-SU-2025:01596-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:01596-1 advisory. helm was updated to version 3.17.3: Helm v3.17.3 is a security patch release. Users are strongly recommended to update to thi...
SUSE-SU-2025:01596-1 Security update for helm
This update for helm fixes the following issues: helm was updated to version 3.17.3: Helm v3.17.3 is a security patch release. Users are strongly recommended to update to this release. Changelog - Unarchiving fix e4da497 Matt Farina...
PT-2025-23276 · Suse · Helm
This update for helm fixes the following issues: helm was updated to version 3.17.3: Helm v3.17.3 is a security patch release. Users are strongly recommended to update to this release. Changelog - Unarchiving fix e4da497 Matt Farina...