CVE-2026-54500
Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.3, Oj.load in :object mode reads uninitialized stack memory and, for long keys, reads out of bounds when parsing a JSON object whose key is 254 bytes or longer. The interned bytes can surfac...
CVE-2026-54896
Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2, when in object mode, Oj.dump is vulnerable to a heap buffer overflow when serializing Exception objects with a large :indent value. The serializer allocates a buffer sized for the object'...
CVE-2026-54896 Oj: Heap Buffer Overflow in Oj.dump Exception Serialization via Large Indent
Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2, when in object mode, Oj.dump is vulnerable to a heap buffer overflow when serializing Exception objects with a large :indent value. The serializer allocates a buffer sized for the object'...
CVE-2026-54896
Oj (Optimized JSON) Ruby gem prior to 3.17.2 is affected when operating in object mode; Oj.dump can trigger a heap buffer overflow while serializing Exception objects with a large indent value. The issue stems from allocating a buffer sized for object attributes but not accounting for accumulated...
CVE-2026-54500
Oj (Optimized JSON) is a Ruby gem for JSON parsing/marshalling. Affects versions prior to 3.17.3 where Oj.load in mode :object reads uninitialized stack memory when a JSON object has a long key (254+ bytes). In ext/oj/intern.c, form_attr() passes an uninitialized stack buffer to rb_intern3(), ca...
Oj: Heap Buffer Overflow in Oj.dump Exception Serialization via Large Indent
Summary Oj.dump in object mode is vulnerable to a heap buffer overflow when serializing Exception objects with a large :indent value. The serializer allocates a buffer sized for the object's attributes but does not account for the indent bytes added on each write. With indent: 5000, the...
GHSA-35W3-PJM6-WJ95 Oj: Heap Buffer Overflow in Oj.dump Exception Serialization via Large Indent
Summary Oj.dump in object mode is vulnerable to a heap buffer overflow when serializing Exception objects with a large :indent value. The serializer allocates a buffer sized for the object's attributes but does not account for the indent bytes added on each write. With indent: 5000, the...
Oj: intern.c form_attr (uninitialized stack read)
Summary Oj.load in :object mode reads uninitialized stack memory and, for long keys, reads out of bounds when parsing a JSON object whose key is 254 bytes or longer. The interned bytes can surface to the caller, disclosing process stack memory. Details In ext/oj/intern.c, form_attr handles the...
GHSA-FM7P-MPRW-WJM9 Oj: intern.c form_attr (uninitialized stack read)
Summary Oj.load in :object mode reads uninitialized stack memory and, for long keys, reads out of bounds when parsing a JSON object whose key is 254 bytes or longer. The interned bytes can surface to the caller, disclosing process stack memory. Details In ext/oj/intern.c, form_attr handles the...
PT-2026-51063
Name of the Vulnerable Software and Affected Versions Oj versions prior to 3.17.3 Description When parsing a JSON object with a key of 254 bytes or longer, the Oj.load function in :object mode reads uninitialized stack memory. For keys 256 bytes or longer, the process also performs an out-of-boun...
PT-2026-51082
Name of the Vulnerable Software and Affected Versions Oj versions prior to 3.17.2 Description When operating in object mode, the Oj.dump function is susceptible to a heap buffer overflow during the serialization of Exception objects if a large :indent value is used. The issue occurs because the...
Oj - Heap Buffer Overflow in Oj.dump Exception Serialization via Large Indent
Summary Oj.dump in object mode is vulnerable to a heap buffer overflow when serializing Exception objects with a large :indent value. The serializer allocates a buffer sized for the object's attributes but does not account for the indent bytes added on each write. With indent: 5000, the...
OESA-2025-2321 rubygem-fluentd security update
Fluentd is an open source data collector designed to scale and simplify log management. It can collect, process and ship many kinds of data in near real-time. Security Fixes: Fluentd collects events from various data sources and writes them to files, RDBMS, NoSQL, IaaS, SaaS, Hadoop and so on. A...
OESA-2025-2320 rubygem-fluentd security update
Fluentd is an open source data collector designed to scale and simplify log management. It can collect, process and ship many kinds of data in near real-time. Security Fixes: Fluentd collects events from various data sources and writes them to files, RDBMS, NoSQL, IaaS, SaaS, Hadoop and so on. A...
PT-2022-24940 · Fluentd · Fluentd
Name of the Vulnerable Software and Affected Versions: Fluentd versions 1.13.2 through 1.15.2 Description: A remote code execution vulnerability in non-default configurations of Fluentd allows unauthenticated attackers to execute arbitrary code via specially crafted JSON payloads. This issue...
CVE-2022-39379 Fluentd vulnerable to remote code execution due to insecure deserialization (in non-default configuration)
Fluentd collects events from various data sources and writes them to files, RDBMS, NoSQL, IaaS, SaaS, Hadoop and so on. A remote code execution (RCE) vulnerability in non-default configurations of Fluentd allows unauthenticated attackers to execute arbitrary code via specially crafted JSON payloads...