Lucene search
K

23 matches found

CVE
CVE
added 2026/06/30 11:16 p.m.33 views

CVE-2026-54592

The CVE-2026-54592 vulnerability affects Oj (Optimized JSON), a Ruby gem JSON parser/marshaller. In versions prior to 3.17.3, Oj::Doc#each_child can overflow a fixed-size stack buffer when recursively traversing deeply nested JSON, causing a DoS. The issue arises from a two-step chain in ext/oj/f...

7.5CVSS5.9AI score0.00263EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/06/30 11:16 p.m.5 views

CVE-2026-54592

Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.3, Oj::Doceachchild, when invoked recursively over a deeply nested JSON document, overflows a fixed-size stack buffer and aborts the process, leading to DoS. In a two-step chain in...

7.5CVSS5.9AI score0.00263EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2026/06/19 7:36 p.m.15 views

Oj: Use-After-Free in Oj::Doc Iterators via Reentrant Close

Summary Oj::Doc iterators eachvalue, eachchild, eachleaf are vulnerable to a heap use-after-free. When a Ruby block yielded during iteration calls doc.close or d.close, the document's heap memory is freed while the C iterator is still running. When control returns from the block, the iterator rea...

2.1CVSS6.1AI score0.00117EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/19 7:36 p.m.6 views

GHSA-9PPP-W3G4-FH4Q Oj: Use-After-Free in Oj::Doc Iterators via Reentrant Close

Summary Oj::Doc iterators eachvalue, eachchild, eachleaf are vulnerable to a heap use-after-free. When a Ruby block yielded during iteration calls doc.close or d.close, the document's heap memory is freed while the C iterator is still running. When control returns from the block, the iterator rea...

8.7CVSS6.1AI score0.00117EPSS
Exploits0References2
OSV
OSV
added 2026/06/19 7:36 p.m.6 views

GHSA-3M6Q-JJ5J-38C9 Oj: Stack Buffer Overflow in Oj::Doc#each_child via Deeply Nested Input

Summary Oj::Doceachchild, when invoked recursively over a deeply nested JSON document, overflows a fixed-size stack buffer and aborts the process. This is a denial of service reachable from untrusted JSON. Details Two-step chain in ext/oj/fast.c: 1. doceachchild line 1501 increments doc-where pas...

7.5CVSS6AI score0.00263EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.13 views

PT-2026-51067

Name of the Vulnerable Software and Affected Versions Oj versions prior to 3.17.3 Description When Oj::Doceach child is invoked recursively over a deeply nested JSON document, it can cause a fixed-size stack buffer overflow, leading to a denial of service DoS that aborts the process. This occurs...

7.5CVSS6AI score0.00263EPSS
Exploits0References4
RubySec
RubySec
added 2026/06/19 12:0 a.m.6 views

Oj - Stack Buffer Overflow in Oj::Doc#each_child via Deeply Nested Input

Summary Oj::Doceachchild, when invoked recursively over a deeply nested JSON document, overflows a fixed-size stack buffer and aborts the process. This is a denial of service reachable from untrusted JSON. Impact Reliable denial of service: any endpoint that calls Oj::Doc.openuntrusted |d|...

7.5CVSS6AI score0.00263EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.14 views

PT-2026-51083

Name of the Vulnerable Software and Affected Versions Oj versions prior to 3.17.2 Description Oj::Doc iterators each value, each child, each leaf are subject to a heap use-after-free. This occurs when a Ruby block yielded during iteration calls doc.close or d.close, causing the document's heap...

8.7CVSS5.7AI score0.00117EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/06 11:32 a.m.28 views

CVE-2025-71290 misc: ti_fpc202: fix a potential memory leak in probe function

In the Linux kernel, the following vulnerability has been resolved: misc: tifpc202: fix a potential memory leak in probe function Use foreachchildofnodescoped to simplify the code and ensure the device node reference is automatically released when the loop scope ends...

0.00121EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2022-55503

Malicious code in bioql PyPI...

6.3AI score0.00149EPSS
Exploits0References10
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-30844

Malicious code in bioql PyPI...

6.3AI score0.00138EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2025/09/24 11:22 p.m.4 views

SUSE CVE-2025-39882

In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: fix potential OF node use-after-free The foreachchildofnode helper drops the reference it takes to each node as it iterates over children and an explicit ofnodeput is only needed when exiting the loop early. Drop th...

5.5CVSS6.4AI score0.00138EPSS
Exploits0References21
OSV
OSV
added 2025/09/23 6:15 a.m.7 views

UBUNTU-CVE-2025-39882

In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: fix potential OF node use-after-free The foreachchildofnode helper drops the reference it takes to each node as it iterates over children and an explicit ofnodeput is only needed when exiting the loop early. Drop th...

7.8CVSS5.7AI score0.00138EPSS
Exploits0References7
OSV
OSV
added 2025/09/15 2:15 p.m.3 views

DEBIAN-CVE-2022-50249

In the Linux kernel, the following vulnerability has been resolved: memory: of: Fix refcount leak bug in ofgetddrtimings We should add the ofnodeput when breaking out of foreachchildofnode as it will automatically increase and decrease the refcount...

5.5CVSS5.3AI score0.00149EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/09/15 2:2 p.m.10 views

CVE-2022-50249 memory: of: Fix refcount leak bug in of_get_ddr_timings()

In the Linux kernel, the following vulnerability has been resolved: memory: of: Fix refcount leak bug in ofgetddrtimings We should add the ofnodeput when breaking out of foreachchildofnode as it will automatically increase and decrease the refcount...

0.00149EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2025/08/12 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2022-50121

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: remoteproc: k3-r5: Fix refcount leak in k3r5clusterofinit Every iteration of...

5.5CVSS6.1AI score0.00159EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2025/05/13 8:28 a.m.8 views

kernel: remoteproc: k3-r5: Fix refcount leak in k3_r5_cluster_of_init

In the Linux kernel, the following vulnerability has been resolved: remoteproc: k3-r5: Fix refcount leak in k3r5clusterofinit Every iteration of foreachavailablechildofnode decrements the reference count of the previous node. When breaking early from a foreachavailablechildofnode loop, we need to...

5.5CVSS5.7AI score0.00159EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2025/05/13 8:28 a.m.14 views

kernel: Bluetooth: fix use-after-free in device_for_each_child()

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: fix use-after-free in deviceforeachchild Syzbot has reported the following KASAN splat: BUG: KASAN: slab-use-after-free in deviceforeachchild+0x18f/0x1a0 Read of size 8 at addr ffff88801f605308 by task kbnepd bnep0/498...

7.8CVSS6.7AI score0.00221EPSS
Exploits0References5
OSV
OSV
added 2025/02/27 8:16 p.m.10 views

UBUNTU-CVE-2024-58034

In the Linux kernel, the following vulnerability has been resolved: memory: tegra20-emc: fix an OF node reference bug in tegraemcfindnodebyramcode As offindnodebyname release the reference of the argument device node, tegraemcfindnodebyramcode releases some device nodes while still in use,...

7.8CVSS6.2AI score0.00222EPSS
Exploits0References34
OSV
OSV
added 2025/02/26 7:1 a.m.4 views

UBUNTU-CVE-2022-49351

In the Linux kernel, the following vulnerability has been resolved: net: altera: Fix refcount leak in alteratsemdiocreate Every iteration of foreachchildofnode decrements the reference count of the previous node. When break from a foreachchildofnode loop, we need to explicitly call ofnodeput on t...

5.5CVSS6.2AI score0.00259EPSS
Exploits0References12
Rows per page
Query Builder