11 matches found
CVE-2026-54901
Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2, Oj::Parser in usual mode does not mark arrayclass and hashclass references during garbage collection, leading to Use-After-Free. If GC runs after the class is assigned but before a parse,...
UBUNTU-CVE-2026-54901
Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2, Oj::Parser in usual mode does not mark arrayclass and hashclass references during garbage collection, leading to Use-After-Free. If GC runs after the class is assigned but before a parse,...
CVE-2026-54901 Oj: Use-After-Free in Oj::Parser array_class/hash_class GC Marking
Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2, Oj::Parser in usual mode does not mark arrayclass and hashclass references during garbage collection, leading to Use-After-Free. If GC runs after the class is assigned but before a parse,...
CVE-2026-54901
Oj (Optimized JSON) Ruby gem contains a Use-After-Free in Oj::Parser in normal mode prior to 3.17.2: during GC, array_class/hash_class refs may be reclaimed, leaving a dangling VALUE for the next parse and causing a segfault. Fixed in version 3.17.2. Affected: Oj::Parser parsing flow; trigger is ...
Use After Free
Overview Affected versions of this package are vulnerable to Use After Free in the parsermark. An attacker can cause a segmentation fault and potentially crash the application by triggering garbage collection after assigning a custom class to arrayclass or hashclass and before parsing, leading to...
GHSA-VWM4-62GF-X745 Oj: Use-After-Free in Oj::Parser array_class/hash_class GC Marking
Summary Oj::Parser in usual mode does not mark arrayclass and hashclass references during garbage collection. If GC runs after the class is assigned but before a parse, the class object is reclaimed, leaving the parser holding a dangling VALUE. The subsequent parse call dereferences the freed...
Oj: Use-After-Free in Oj::Parser array_class/hash_class GC Marking
Summary Oj::Parser in usual mode does not mark arrayclass and hashclass references during garbage collection. If GC runs after the class is assigned but before a parse, the class object is reclaimed, leaving the parser holding a dangling VALUE. The subsequent parse call dereferences the freed...
PT-2026-51087
Name of the Vulnerable Software and Affected Versions Oj versions prior to 3.17.2 Description Oj::Parser in usual mode fails to mark array class and hash class references during garbage collection GC, resulting in a Use-After-Free condition. If the GC executes after the class is assigned but befo...
Oj- Use-After-Free in 'Oj::Parser' array_class/hash_class GC Marking
Summary Oj::Parser in usual mode does not mark arrayclass and hashclass references during garbage collection. If GC runs after the class is assigned but before a parse, the class object is reclaimed, leaving the parser holding a dangling VALUE. The subsequent parse call dereferences the freed...
openSUSE Security Update : MozillaFirefox (MozillaFirefox-2807)
This update brings Mozilla Firefox to the 3.6.8 security release. It fixes following security bugs: MFSA 2010-34 / CVE-2010-1211 / CVE-2010-1212: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of thes...
openSUSE Security Update : MozillaFirefox (openSUSE-SU-2010:0430-3)
This update brings Mozilla Firefox to the 3.5.11 security release. It fixes following security bugs: MFSA 2010-34 / CVE-2010-1211: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed...