Lucene search
K

4 matches found

Cvelist
Cvelist
added yesterday9 views

CVE-2026-54896 Oj: Heap Buffer Overflow in Oj.dump Exception Serialization via Large Indent

Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2, when in object mode, Oj.dump is vulnerable to a heap buffer overflow when serializing Exception objects with a large :indent value. The serializer allocates a buffer sized for the object'...

2.1CVSS
Exploits0References1
Snyk
Snyk
added 2026/06/19 7:36 p.m.5 views

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow in the fillindent function when serializing Exception objects with a large indentation value. An attacker can corrupt adjacent heap memory and potentially execute arbitrary code or cause a crash by supplying...

8.7CVSS6.2AI score
Exploits0References2
OSV
OSV
added 2026/06/19 7:36 p.m.4 views

GHSA-35W3-PJM6-WJ95 Oj: Heap Buffer Overflow in Oj.dump Exception Serialization via Large Indent

Summary Oj.dump in object mode is vulnerable to a heap buffer overflow when serializing Exception objects with a large :indent value. The serializer allocates a buffer sized for the object's attributes but does not account for the indent bytes added on each write. With indent: 5000, the...

8.7CVSS6.2AI score
Exploits0References2
RubySec
RubySec
added 2026/06/19 12:0 a.m.5 views

Oj - Heap Buffer Overflow in Oj.dump Exception Serialization via Large Indent

Summary Oj.dump in object mode is vulnerable to a heap buffer overflow when serializing Exception objects with a large :indent value. The serializer allocates a buffer sized for the object's attributes but does not account for the indent bytes added on each write. With indent: 5000, the...

2.1CVSS6.1AI score
Exploits0References1Affected Software1
Rows per page
Query Builder