2 matches found
CVE-2026-54502
Oj (Optimized JSON) is a Ruby gem that provides a JSON parser and object marshaller. Vulnerability: in versions prior to 3.17.2, Oj.dump can trigger a stack-based buffer overflow when a very large indent value is used. The root cause is fill_indent in dump.h calling memset(indent_str, ' ', (size_...
PT-2026-51064
Name of the Vulnerable Software and Affected Versions Oj versions prior to 3.17.2 Description Oj.dump is subject to a stack-based buffer overflow when a large :indent value is provided. The fill indent function in dump.h utilizes memset to fill a buffer without validating the size of the indent...