Lucene search
K

8 matches found

Tenable Nessus
Tenable Nessus
added 2026/07/02 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-54502

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2, Oj.dump is vulnerable to a stack-based buffer...

6.3CVSS6.3AI score0.00257EPSS
Exploits0References3
CVE
CVE
added 2026/06/30 11:20 p.m.28 views

CVE-2026-54896

Oj (Optimized JSON) Ruby gem prior to 3.17.2 is affected when operating in object mode; Oj.dump can trigger a heap buffer overflow while serializing Exception objects with a large indent value. The issue stems from allocating a buffer sized for object attributes but not accounting for accumulated...

2.1CVSS6AI score0.00119EPSS
Exploits0References1
CVE
CVE
added 2026/06/30 11:10 p.m.26 views

CVE-2026-54502

Oj (Optimized JSON) is a Ruby gem that provides a JSON parser and object marshaller. Vulnerability: in versions prior to 3.17.2, Oj.dump can trigger a stack-based buffer overflow when a very large indent value is used. The root cause is fill_indent in dump.h calling memset(indent_str, ' ', (size_...

6.3CVSS6.1AI score0.00257EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/06/19 7:36 p.m.11 views

Oj: Heap Buffer Overflow in Oj.dump Exception Serialization via Large Indent

Summary Oj.dump in object mode is vulnerable to a heap buffer overflow when serializing Exception objects with a large :indent value. The serializer allocates a buffer sized for the object's attributes but does not account for the indent bytes added on each write. With indent: 5000, the...

2.1CVSS6.2AI score0.00119EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/19 7:35 p.m.5 views

GHSA-3V45-F3VH-WG7M Oj: Stack Buffer Overflow in Oj.dump via Large Indent

Summary Oj.dump is vulnerable to a stack-based buffer overflow when a large :indent value is provided by the developer. fillindent in dump.h calls memsetindentstr, ' ', sizetopts-indent without validating the size. When opts-indent is set to INTMAX 2,147,483,647, the sizet cast preserves the larg...

8.7CVSS6.3AI score0.00257EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/19 7:35 p.m.10 views

Oj: Stack Buffer Overflow in Oj.dump via Large Indent

Summary Oj.dump is vulnerable to a stack-based buffer overflow when a large :indent value is provided by the developer. fillindent in dump.h calls memsetindentstr, ' ', sizetopts-indent without validating the size. When opts-indent is set to INTMAX 2,147,483,647, the sizet cast preserves the larg...

6.3CVSS6.3AI score0.00257EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.8 views

PT-2026-51064

Name of the Vulnerable Software and Affected Versions Oj versions prior to 3.17.2 Description Oj.dump is subject to a stack-based buffer overflow when a large :indent value is provided. The fill indent function in dump.h utilizes memset to fill a buffer without validating the size of the indent...

8.7CVSS6.2AI score0.00257EPSS
Exploits0References4
RubySec
RubySec
added 2026/06/19 12:0 a.m.5 views

Oj - Stack Buffer Overflow in Oj.dump via Large Indent

Summary Oj.dump is vulnerable to a stack-based buffer overflow when a large :indent value is provided by the developer. fillindent in dump.h calls memsetindentstr, ' ', sizetopts-indent without validating the size. When opts-indent is set to INTMAX 2,147,483,647, the sizet cast preserves the larg...

6.3CVSS6.3AI score0.00257EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder