Lucene search
K

9 matches found

NVD
NVD
added 2026/07/01 12:16 a.m.5 views

CVE-2026-54898

Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2,Oj::Parserparse is vulnerable to a heap use-after-free when a SAJ/SAJ2 callback mutates the input JSON string during parsing. The C engine holds a raw const byte pointer into the Ruby...

2.1CVSS0.00117EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/30 11:24 p.m.36 views

CVE-2026-54898 Oj: Use-After-Free in Oj::Parser SAJ Callback via Input Mutation

Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2,Oj::Parserparse is vulnerable to a heap use-after-free when a SAJ/SAJ2 callback mutates the input JSON string during parsing. The C engine holds a raw const byte pointer into the Ruby...

2.1CVSS0.00117EPSS
Exploits0References1
CVE
CVE
added 2026/06/30 11:24 p.m.26 views

CVE-2026-54898

CVE-2026-54898 (Oj gem) affects the Ruby JSON parser Oj in versions before 3.17.2. The vulnerability occurs when a SAJ/SAJ2 callback mutates the input string during parsing, causing the C engine’s raw pointer into Ruby’s string buffer to become dangling and resulting in a heap use-after-free on t...

2.1CVSS5.9AI score0.00117EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/06/19 7:36 p.m.12 views

Oj: Use-After-Free in Oj::Parser SAJ Callback via Input Mutation

Summary Oj::Parserparse is vulnerable to a heap use-after-free when a SAJ/SAJ2 callback mutates the input JSON string during parsing. The C engine holds a raw const byte pointer into the Ruby string's internal buffer. If a callback e.g. hashstart resizes the string — for example by calling...

2.1CVSS6.1AI score0.00117EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/19 7:36 p.m.6 views

GHSA-Q2GM-54R6-8FWM Oj: Use-After-Free in Oj::Parser SAJ Callback via Input Mutation

Summary Oj::Parserparse is vulnerable to a heap use-after-free when a SAJ/SAJ2 callback mutates the input JSON string during parsing. The C engine holds a raw const byte pointer into the Ruby string's internal buffer. If a callback e.g. hashstart resizes the string — for example by calling...

8.7CVSS6.1AI score0.00117EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/19 7:36 p.m.5 views

Use After Free

Overview Affected versions of this package are vulnerable to Use After Free in the parse function. An attacker can cause memory corruption by mutating the input JSON string during parsing callbacks, which leads to the parser accessing freed memory. Remediation Upgrade oj to version 3.17.3 or...

9.1CVSS5.8AI score0.00117EPSS
Exploits0References2
RubySec
RubySec
added 2026/06/19 12:0 a.m.6 views

Oj - Use-After-Free in Oj::Parser SAJ Callback via Input Mutation

Summary Oj::Parserparse is vulnerable to a heap use-after-free when a SAJ/SAJ2 callback mutates the input JSON string during parsing. The C engine holds a raw const byte pointer into the Ruby string's internal buffer. If a callback e.g. hashstart resizes the string — for example by calling...

2.1CVSS5.9AI score0.00117EPSS
Exploits0References1Affected Software1
Packet Storm News
Packet Storm News
added 2025/11/05 12:0 a.m.6 views

Hybrid Fuzzing with LLM-Guided Input Mutation and Semantic Feedback

Software fuzzing has become a cornerstone in automated vulnerability discovery, yet existing mutation strategies often lack semantic awareness, leading to redundant test cases and slow exploration of deep program states. In this work, I present a hybrid fuzzing framework that integrates static an...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/06 12:0 a.m.4 views

Directed Greybox Fuzzing Via Large Language Model

Directed greybox fuzzing DGF focuses on efficiently reaching specific program locations or triggering particular behaviors, making it essential for tasks like vulnerability detection and crash reproduction. However, existing methods often suffer from path explosion and randomness in input mutatio...

7.4AI score
Exploits0
Rows per page
Query Builder