2 matches found
CVE-2026-54900
Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2, when in usual mode with createid enabled, Oj::Parserparse is vulnerable to heap corruption via a negative-size memcpy. When a JSON object key is exactly 65,535 bytes long, an integer...
CVE-2026-54903
Oj is a Ruby gem that contains a heap corruption vulnerability in Oj.load for JSON strings larger than 2 GB, caused by an integer overflow in buf_append_string (buf.h:61) that turns the length into a negative size_t, leading memcpy to copy out-of-bounds data and crash. Affected versions are those...