Lucene search
K

11 matches found

NVD
NVD
added 2026/07/01 12:16 a.m.6 views

CVE-2026-54901

Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2, Oj::Parser in usual mode does not mark arrayclass and hashclass references during garbage collection, leading to Use-After-Free. If GC runs after the class is assigned but before a parse,...

6.3CVSS0.00253EPSS
Exploits0References1
OSV
OSV
added 2026/07/01 12:16 a.m.3 views

UBUNTU-CVE-2026-54901

Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2, Oj::Parser in usual mode does not mark arrayclass and hashclass references during garbage collection, leading to Use-After-Free. If GC runs after the class is assigned but before a parse,...

6.3CVSS5.7AI score0.00253EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/30 11:36 p.m.39 views

CVE-2026-54901 Oj: Use-After-Free in Oj::Parser array_class/hash_class GC Marking

Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2, Oj::Parser in usual mode does not mark arrayclass and hashclass references during garbage collection, leading to Use-After-Free. If GC runs after the class is assigned but before a parse,...

6.3CVSS0.00253EPSS
Exploits0References1
CVE
CVE
added 2026/06/30 11:36 p.m.30 views

CVE-2026-54901

Oj (Optimized JSON) Ruby gem contains a Use-After-Free in Oj::Parser in normal mode prior to 3.17.2: during GC, array_class/hash_class refs may be reclaimed, leaving a dangling VALUE for the next parse and causing a segfault. Fixed in version 3.17.2. Affected: Oj::Parser parsing flow; trigger is ...

6.3CVSS5.7AI score0.00253EPSS
Exploits0References1
Snyk
Snyk
added 2026/06/19 8:47 p.m.4 views

Use After Free

Overview Affected versions of this package are vulnerable to Use After Free in the parsermark. An attacker can cause a segmentation fault and potentially crash the application by triggering garbage collection after assigning a custom class to arrayclass or hashclass and before parsing, leading to...

8.7CVSS5.9AI score0.00253EPSS
Exploits0References2
OSV
OSV
added 2026/06/19 8:47 p.m.5 views

GHSA-VWM4-62GF-X745 Oj: Use-After-Free in Oj::Parser array_class/hash_class GC Marking

Summary Oj::Parser in usual mode does not mark arrayclass and hashclass references during garbage collection. If GC runs after the class is assigned but before a parse, the class object is reclaimed, leaving the parser holding a dangling VALUE. The subsequent parse call dereferences the freed...

8.7CVSS5.8AI score0.00253EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/19 8:47 p.m.7 views

Oj: Use-After-Free in Oj::Parser array_class/hash_class GC Marking

Summary Oj::Parser in usual mode does not mark arrayclass and hashclass references during garbage collection. If GC runs after the class is assigned but before a parse, the class object is reclaimed, leaving the parser holding a dangling VALUE. The subsequent parse call dereferences the freed...

6.3CVSS5.8AI score0.00253EPSS
Exploits0References2Affected Software1
RubySec
RubySec
added 2026/06/19 12:0 a.m.5 views

Oj- Use-After-Free in 'Oj::Parser' array_class/hash_class GC Marking

Summary Oj::Parser in usual mode does not mark arrayclass and hashclass references during garbage collection. If GC runs after the class is assigned but before a parse, the class object is reclaimed, leaving the parser holding a dangling VALUE. The subsequent parse call dereferences the freed...

6.3CVSS5.8AI score0.00253EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.14 views

PT-2026-51087

Name of the Vulnerable Software and Affected Versions Oj versions prior to 3.17.2 Description Oj::Parser in usual mode fails to mark array class and hash class references during garbage collection GC, resulting in a Use-After-Free condition. If the GC executes after the class is assigned but befo...

8.7CVSS5.8AI score0.00253EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2014/06/13 12:0 a.m.40 views

openSUSE Security Update : MozillaFirefox (MozillaFirefox-2807)

This update brings Mozilla Firefox to the 3.6.8 security release. It fixes following security bugs: MFSA 2010-34 / CVE-2010-1211 / CVE-2010-1212: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of thes...

10CVSS8.2AI score0.43382EPSS
Exploits28References18
Tenable Nessus
Tenable Nessus
added 2010/07/30 12:0 a.m.45 views

openSUSE Security Update : MozillaFirefox (openSUSE-SU-2010:0430-3)

This update brings Mozilla Firefox to the 3.5.11 security release. It fixes following security bugs: MFSA 2010-34 / CVE-2010-1211: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed...

9.8CVSS8.3AI score0.43382EPSS
Exploits24References14
Rows per page
Query Builder