10 matches found
DEBIAN-CVE-2026-54899
Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. Prior to version 3.17.2, disabling symbolkeys on a reused Oj::Parser instance triggers a heap use-after-free. When symbolkeys is toggled from true to false, optsymbolkeysset frees the internal key cache cachefree but...
UBUNTU-CVE-2026-54896
Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2, when in object mode, Oj.dump is vulnerable to a heap buffer overflow when serializing Exception objects with a large :indent value. The serializer allocates a buffer sized for the object'...
UBUNTU-CVE-2026-54898
Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2,Oj::Parserparse is vulnerable to a heap use-after-free when a SAJ/SAJ2 callback mutates the input JSON string during parsing. The C engine holds a raw const byte pointer into the Ruby...
UBUNTU-CVE-2026-54900
Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2, when in usual mode with createid enabled, Oj::Parserparse is vulnerable to heap corruption via a negative-size memcpy. When a JSON object key is exactly 65,535 bytes long, an integer...
Out-of-bounds Read in Ruby JSON Parser
Impact A specially crafted document could cause an out of bound read, most likely resulting in a crash. Versions 2.10.0 and 2.10.1 are impacted. Older versions are not. Patches Version 2.10.2 fixes the problem. Workarounds None...
GHSA-9M3Q-RHMV-5Q44 Out-of-bounds Read in Ruby JSON Parser
Impact A specially crafted document could cause an out of bound read, most likely resulting in a crash. Versions 2.10.0 and 2.10.1 are impacted. Older versions are not. Patches Version 2.10.2 fixes the problem. Workarounds None...
CVE-2025-27788 Ruby JSON Parser has Out-of-bounds Read
JSON is a JSON implementation for Ruby. Starting in version 2.10.0 and prior to version 2.10.2, a specially crafted document could cause an out of bound read, most likely resulting in a crash. Versions prior to 2.10.0 are not vulnerable. Version 2.10.2 fixes the problem. No known workarounds are...
CVE-2025-27788
The CVE-2025-27788 entry corresponds to a Ruby JSON parser vulnerability (CVE-2025-27788) with out-of-bounds read leading to crashes. In IBM’s advisory, the affected products are: IBM watsonx Assistant Cartridge (versions 4.0–5.2.0) and IBM watsonx Orchestrate with watsonx Assistant Cartridge – A...
CVE-2025-27788 Ruby JSON Parser has Out-of-bounds Read
JSON is a JSON implementation for Ruby. Starting in version 2.10.0 and prior to version 2.10.2, a specially crafted document could cause an out of bound read, most likely resulting in a crash. Versions prior to 2.10.0 are not vulnerable. Version 2.10.2 fixes the problem. No known workarounds are...
Out-of-bounds Read in Ruby JSON Parser
Impact A specially crafted document could cause an out of bound read, most likely resulting in a crash. Versions 2.10.0 and 2.10.1 are impacted. Older versions are not. Patches Version 2.10.2 fixes the problem. Workarounds None...