Lucene search
K

17 matches found

NVD
NVD
added 3 days ago4 views

CVE-2026-54500

Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.3, Oj.load in :object mode reads uninitialized stack memory and, for long keys, reads out of bounds when parsing a JSON object whose key is 254 bytes or longer. The interned bytes can surfac...

5.3CVSS0.00197EPSS
Exploits0References1
NVD
NVD
added 3 days ago6 views

CVE-2026-54896

Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2, when in object mode, Oj.dump is vulnerable to a heap buffer overflow when serializing Exception objects with a large :indent value. The serializer allocates a buffer sized for the object'...

2.1CVSS0.00119EPSS
Exploits0References1
Debian CVE
Debian CVE
added 4 days ago3 views

CVE-2026-54896

Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2, when in object mode, Oj.dump is vulnerable to a heap buffer overflow when serializing Exception objects with a large :indent value. The serializer allocates a buffer sized for the object'...

2.1CVSS6AI score0.00119EPSS
Exploits0
Cvelist
Cvelist
added 4 days ago33 views

CVE-2026-54896 Oj: Heap Buffer Overflow in Oj.dump Exception Serialization via Large Indent

Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2, when in object mode, Oj.dump is vulnerable to a heap buffer overflow when serializing Exception objects with a large :indent value. The serializer allocates a buffer sized for the object'...

2.1CVSS0.00119EPSS
Exploits0References1
CVE
CVE
added 4 days ago22 views

CVE-2026-54896

Oj (Optimized JSON) Ruby gem prior to 3.17.2 is affected when operating in object mode; Oj.dump can trigger a heap buffer overflow while serializing Exception objects with a large indent value. The issue stems from allocating a buffer sized for object attributes but not accounting for accumulated...

2.1CVSS6AI score0.00119EPSS
Exploits0References1
CVE
CVE
added 4 days ago19 views

CVE-2026-54500

Oj (Optimized JSON) is a Ruby gem for JSON parsing/ marshalling. Affects versions prior to 3.17.3 where Oj.load in mode :object reads uninitialized stack memory when a JSON object has a long key (254+ bytes). In ext/oj/intern.c, form_attr() passes an uninitialized stack buffer to rb_intern3(), ca...

5.3CVSS5.9AI score0.00197EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/06/19 7:36 p.m.11 views

Oj: Heap Buffer Overflow in Oj.dump Exception Serialization via Large Indent

Summary Oj.dump in object mode is vulnerable to a heap buffer overflow when serializing Exception objects with a large :indent value. The serializer allocates a buffer sized for the object's attributes but does not account for the indent bytes added on each write. With indent: 5000, the...

2.1CVSS6.2AI score0.00119EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/19 7:36 p.m.4 views

GHSA-35W3-PJM6-WJ95 Oj: Heap Buffer Overflow in Oj.dump Exception Serialization via Large Indent

Summary Oj.dump in object mode is vulnerable to a heap buffer overflow when serializing Exception objects with a large :indent value. The serializer allocates a buffer sized for the object's attributes but does not account for the indent bytes added on each write. With indent: 5000, the...

8.7CVSS6.2AI score0.00119EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/19 7:35 p.m.7 views

Oj: intern.c form_attr (uninitialized stack read)

Summary Oj.load in :object mode reads uninitialized stack memory and, for long keys, reads out of bounds when parsing a JSON object whose key is 254 bytes or longer. The interned bytes can surface to the caller, disclosing process stack memory. Details In ext/oj/intern.c, formattr handles the...

5.3CVSS6.1AI score0.00197EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/19 7:35 p.m.5 views

GHSA-FM7P-MPRW-WJM9 Oj: intern.c form_attr (uninitialized stack read)

Summary Oj.load in :object mode reads uninitialized stack memory and, for long keys, reads out of bounds when parsing a JSON object whose key is 254 bytes or longer. The interned bytes can surface to the caller, disclosing process stack memory. Details In ext/oj/intern.c, formattr handles the...

5.3CVSS6.1AI score0.00197EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.14 views

PT-2026-51063

Name of the Vulnerable Software and Affected Versions Oj versions prior to 3.17.3 Description When parsing a JSON object with a key of 254 bytes or longer, the Oj.load function in :object mode reads uninitialized stack memory. For keys 256 bytes or longer, the process also performs an out-of-boun...

5.3CVSS5.9AI score0.00197EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.12 views

PT-2026-51082

Name of the Vulnerable Software and Affected Versions Oj versions prior to 3.17.2 Description When operating in object mode, the Oj.dump function is susceptible to a heap buffer overflow during the serialization of Exception objects if a large :indent value is used. The issue occurs because the...

8.7CVSS6AI score0.00119EPSS
Exploits0References4
RubySec
RubySec
added 2026/06/19 12:0 a.m.5 views

Oj - Heap Buffer Overflow in Oj.dump Exception Serialization via Large Indent

Summary Oj.dump in object mode is vulnerable to a heap buffer overflow when serializing Exception objects with a large :indent value. The serializer allocates a buffer sized for the object's attributes but does not account for the indent bytes added on each write. With indent: 5000, the...

2.1CVSS6.1AI score0.00119EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2025/09/19 1:13 p.m.4 views

OESA-2025-2321 rubygem-fluentd security update

Fluentd is an open source data collector designed to scale and simplify log management. It can collect, process and ship many kinds of data in near real-time. Security Fixes: Fluentd collects events from various data sources and writes them to files, RDBMS, NoSQL, IaaS, SaaS, Hadoop and so on. A...

9.8CVSS8.8AI score0.44708EPSS
Exploits0References2
OSV
OSV
added 2025/09/19 1:13 p.m.4 views

OESA-2025-2320 rubygem-fluentd security update

Fluentd is an open source data collector designed to scale and simplify log management. It can collect, process and ship many kinds of data in near real-time. Security Fixes: Fluentd collects events from various data sources and writes them to files, RDBMS, NoSQL, IaaS, SaaS, Hadoop and so on. A...

9.8CVSS8.8AI score0.44708EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/11/02 12:0 a.m.2 views

PT-2022-24940 · Fluentd · Fluentd

Name of the Vulnerable Software and Affected Versions: Fluentd versions 1.13.2 through 1.15.2 Description: A remote code execution vulnerability in non-default configurations of Fluentd allows unauthenticated attackers to execute arbitrary code via specially crafted JSON payloads. This issue...

9.8CVSS9.3AI score0.44708EPSS
Exploits0References11
OSV
OSV
added 2022/11/02 12:0 a.m.15 views

CVE-2022-39379 Fluentd vulnerable to remote code execution due to insecure deserialization (in non-default configuration)

Fluentd collects events from various data sources and writes them to files, RDBMS, NoSQL, IaaS, SaaS, Hadoop and so on. A remote code execution RCE vulnerability in non-default configurations of Fluentd allows unauthenticated attackers to execute arbitrary code via specially crafted JSON payloads...

3.1CVSS9.3AI score0.44708EPSS
Exploits0References5
Rows per page
Query Builder