4 matches found
CVE-2026-54896 Oj: Heap Buffer Overflow in Oj.dump Exception Serialization via Large Indent
Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2, when in object mode, Oj.dump is vulnerable to a heap buffer overflow when serializing Exception objects with a large :indent value. The serializer allocates a buffer sized for the object'...
Heap-based Buffer Overflow
Overview: Affected versions of this package are vulnerable to Heap-based Buffer Overflow in the fillindent function when serializing Exception objects with a large indentation value. An attacker can corrupt adjacent heap memory and potentially execute arbitrary code or cause a crash by supplying...
GHSA-35W3-PJM6-WJ95 Oj: Heap Buffer Overflow in Oj.dump Exception Serialization via Large Indent
Summary: Oj.dump in object mode is vulnerable to a heap buffer overflow when serializing Exception objects with a large :indent value. The serializer allocates a buffer sized for the object's attributes but does not account for the indent bytes added on each write. With indent: 5000, the...
Oj - Heap Buffer Overflow in Oj.dump Exception Serialization via Large Indent
Summary: Oj.dump in object mode is vulnerable to a heap buffer overflow when serializing Exception objects with a large :indent value. The serializer allocates a buffer sized for the object's attributes but does not account for the indent bytes added on each write. With indent: 5000, the...