Oj: Integer Overflow in Oj.load 2GB String Handling
Summary Oj.load is vulnerable to heap corruption when parsing a JSON string longer than 2 GB. An integer overflow in bufappendstring buf.h:61 converts the string length to a large negative sizet, causing memcpy to copy an astronomically large amount of data out of bounds. This crashes the process...