Lucene search
K

16 matches found

NVD
NVD
added 2026/07/01 12:16 a.m.5 views

CVE-2026-54898

Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2,Oj::Parserparse is vulnerable to a heap use-after-free when a SAJ/SAJ2 callback mutates the input JSON string during parsing. The C engine holds a raw const byte pointer into the Ruby...

2.1CVSS0.00117EPSS
Exploits0References1
OSV
OSV
added 2026/07/01 12:16 a.m.3 views

DEBIAN-CVE-2026-54901

Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2, Oj::Parser in usual mode does not mark arrayclass and hashclass references during garbage collection, leading to Use-After-Free. If GC runs after the class is assigned but before a parse,...

6.3CVSS5.7AI score0.00253EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/30 11:40 p.m.37 views

CVE-2026-54902 Oj: Use-After-Free in Oj::Parser SAJ Long Key Callback

Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. Prior to version 3.17.2, is vulnerable to Use-After-Free when in SAJ mode. The Oj::Parser does not protect cached object keys ≥ 35 bytes from garbage collection, and a Ruby callback that triggers GC inside hashend ca...

6.3CVSS0.00253EPSS
Exploits0References1
CVE
CVE
added 2026/06/30 11:36 p.m.27 views

CVE-2026-54901

Oj (Optimized JSON) Ruby gem contains a Use-After-Free in Oj::Parser in normal mode prior to 3.17.2: during GC, array_class/hash_class refs may be reclaimed, leaving a dangling VALUE for the next parse and causing a segfault. Fixed in version 3.17.2. Affected: Oj::Parser parsing flow; trigger is ...

6.3CVSS5.7AI score0.00253EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/30 11:24 p.m.36 views

CVE-2026-54898 Oj: Use-After-Free in Oj::Parser SAJ Callback via Input Mutation

Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2,Oj::Parserparse is vulnerable to a heap use-after-free when a SAJ/SAJ2 callback mutates the input JSON string during parsing. The C engine holds a raw const byte pointer into the Ruby...

2.1CVSS0.00117EPSS
Exploits0References1
CVE
CVE
added 2026/06/30 11:24 p.m.25 views

CVE-2026-54898

CVE-2026-54898 (Oj gem) affects the Ruby JSON parser Oj in versions before 3.17.2. The vulnerability occurs when a SAJ/SAJ2 callback mutates the input string during parsing, causing the C engine’s raw pointer into Ruby’s string buffer to become dangling and resulting in a heap use-after-free on t...

2.1CVSS5.9AI score0.00117EPSS
Exploits0References1
CVE
CVE
added 2026/06/30 11:3 p.m.25 views

CVE-2026-54899

Oj (Optimized JSON) is a Ruby gem for JSON parsing/marshalling. Prior to 3.17.2, disabling symbol_keys on a reused Oj::Parser can cause a heap use-after-free when toggling symbol_keys from true to false: opt_symbol_keys_set frees the internal key cache but does not clear the pointer, so the next ...

6.3CVSS5.7AI score0.00428EPSS
Exploits0References1
Snyk
Snyk
added 2026/06/19 8:47 p.m.5 views

Use After Free

Overview Affected versions of this package are vulnerable to Use After Free in the Oj::Parser when operating in SAJ mode with object keys of 35 bytes or longer. An attacker can cause a segmentation fault by triggering garbage collection within a callback, leading to use of a freed memory pointer...

8.7CVSS5.9AI score0.00253EPSS
Exploits0References2
OSV
OSV
added 2026/06/19 7:34 p.m.8 views

GHSA-2CW7-V8FF-P88R Oj: Use-After-Free in Oj::Parser Symbol Key Cache Toggle

Summary Disabling symbolkeys on a reused Oj::Parser instance triggers a heap use-after-free. When symbolkeys is toggled from true to false, optsymbolkeysset frees the internal key cache cachefree but does not clear the pointer. The next parse call reads from the freed cache via cacheintern,...

8.7CVSS5.9AI score0.00428EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/19 7:34 p.m.8 views

Oj: Use-After-Free in Oj::Parser Symbol Key Cache Toggle

Summary Disabling symbolkeys on a reused Oj::Parser instance triggers a heap use-after-free. When symbolkeys is toggled from true to false, optsymbolkeysset frees the internal key cache cachefree but does not clear the pointer. The next parse call reads from the freed cache via cacheintern,...

6.3CVSS5.9AI score0.00428EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.10 views

PT-2026-51084

Name of the Vulnerable Software and Affected Versions oj gem affected versions not specified Description A heap use-after-free occurs in Oj::Parserparse when a SAJ/SAJ2 callback mutates the input JSON string during the parsing process. The C engine maintains a raw pointer to the Ruby string's...

8.7CVSS6AI score0.00117EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.11 views

PT-2026-51086

Name of the Vulnerable Software and Affected Versions Oj versions prior to 3.17.2 Description When operating in usual mode with create id enabled, the Oj::Parserparse function is susceptible to heap corruption. This occurs when a JSON object key is exactly 65,535 bytes long, leading to an integer...

8.7CVSS5.8AI score0.00253EPSS
Exploits0References4
RubySec
RubySec
added 2026/06/19 12:0 a.m.5 views

Oj - Use-After-Free in 'Oj::Parser' SAJ Long Key Callback

Summary Oj::Parser in SAJ mode does not protect cached object keys ≥ 35 bytes from garbage collection. A Ruby callback that triggers GC inside hashend can cause the key string to be reclaimed while the C parser still holds a pointer to it. The subsequent access to the freed string VALUE results i...

6.3CVSS5.7AI score0.00253EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2026/06/19 12:0 a.m.7 views

Oj - Use-After-Free in Oj::Parser Symbol Key Cache Toggle

Summary Disabling symbolkeys on a reused Oj::Parser instance triggers a heap use-after-free. When symbolkeys is toggled from true to false, optsymbolkeysset frees the internal key cache cachefree but does not clear the pointer. The next parse call reads from the freed cache via cacheintern,...

6.3CVSS5.8AI score0.00428EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2026/06/19 12:0 a.m.5 views

Oj - Negative-Size memcpy in 'Oj::Parser' create_id Attribute Handling

Summary Oj::Parserparse in usual mode with createid enabled is vulnerable to heap corruption via a negative-size memcpy. When a JSON object key is exactly 65,535 bytes long, an integer truncation in formattr usual.c:63 converts the length to -1 before passing it to memcpy. This causes memcpy to...

6.3CVSS5.8AI score0.00253EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2026/06/19 12:0 a.m.6 views

Oj - Use-After-Free in Oj::Parser SAJ Callback via Input Mutation

Summary Oj::Parserparse is vulnerable to a heap use-after-free when a SAJ/SAJ2 callback mutates the input JSON string during parsing. The C engine holds a raw const byte pointer into the Ruby string's internal buffer. If a callback e.g. hashstart resizes the string — for example by calling...

2.1CVSS5.9AI score0.00117EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder