Lucene search
K

58 matches found

NVD
NVD
added 2 days ago5 views

CVE-2026-54903

Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2, Oj.load is vulnerable to heap corruption when parsing a JSON string longer than 2 GB. An integer overflow in bufappendstring buf.h:61 converts the string length to a large negative sizet,...

6.3CVSS0.00253EPSS
Exploits0References1
Debian CVE
Debian CVE
added 3 days ago3 views

CVE-2026-54903

Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2, Oj.load is vulnerable to heap corruption when parsing a JSON string longer than 2 GB. An integer overflow in bufappendstring buf.h:61 converts the string length to a large negative sizet,...

6.3CVSS5.8AI score0.00253EPSS
Exploits0
CVE
CVE
added 3 days ago16 views

CVE-2026-54903

Oj is a Ruby gem that contains a heap corruption vulnerability in Oj.load for JSON strings larger than 2 GB, caused by an integer overflow in buf_append_string (buf.h:61) that turns the length into a negative size_t, leading memcpy to copy out-of-bounds data and crash. Affected versions are those...

6.3CVSS5.8AI score0.00253EPSS
Exploits0References1
Cvelist
Cvelist
added 3 days ago33 views

CVE-2026-54903 Oj: Integer Overflow in Oj.load 2GB String Handling

Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2, Oj.load is vulnerable to heap corruption when parsing a JSON string longer than 2 GB. An integer overflow in bufappendstring buf.h:61 converts the string length to a large negative sizet,...

6.3CVSS0.00253EPSS
Exploits0References1
Snyk
Snyk
added 2026/06/19 8:47 p.m.4 views

Integer Overflow or Wraparound

Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound via the bufappendstring function. An attacker can cause heap corruption and process crashes by supplying a specially crafted JSON string larger than 2 GB, which triggers an integer overflow and results in...

8.7CVSS5.9AI score0.00253EPSS
Exploits0References2
OSV
OSV
added 2026/06/19 8:47 p.m.3 views

GHSA-475M-PH3X-64GP Oj: Integer Overflow in Oj.load 2GB String Handling

Summary Oj.load is vulnerable to heap corruption when parsing a JSON string longer than 2 GB. An integer overflow in bufappendstring buf.h:61 converts the string length to a large negative sizet, causing memcpy to copy an astronomically large amount of data out of bounds. This crashes the process...

8.7CVSS5.9AI score0.00253EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.9 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: libbpf: Handling of size overflow for ringbuf mmap The maximum size of a ringbuf on an x86-64 host is 2GB. Therefore, 2 maxentries will cause an overflow of type u32 when mapping producer pages and data pages. Simply casting...

7.8CVSS6.2AI score0.00277EPSS
Exploits0References2
RubySec
RubySec
added 2026/06/19 12:0 a.m.4 views

Oj - Integer Overflow in Oj.load 2GB String Handling

Summary Oj.load is vulnerable to heap corruption when parsing a JSON string longer than 2 GB. An integer overflow in bufappendstring buf.h:61 converts the string length to a large negative sizet, causing memcpy to copy an astronomically large amount of data out of bounds. This crashes the process...

6.3CVSS5.9AI score0.00253EPSS
Exploits0References1Affected Software1
SUSE CVE
SUSE CVE
added 2026/06/13 2:21 a.m.6 views

SUSE CVE-2026-34180

Issue summary: Parsing a crafted DER-encoded ASN.1 structure with a primitive element whose content exceeds 2 gigabytes in length may cause a heap buffer over-read on 64-bit Unix and Unix-like platforms. Impact summary: The heap buffer over-read may crash the application Denial of Service or to...

3.7CVSS5.6AI score0.00513EPSS
Exploits0References19
EUVD
EUVD
added 2026/06/09 6:30 p.m.12 views

EUVD-2026-35476

Issue summary: Parsing a crafted DER-encoded ASN.1 structure with a primitive element whose content exceeds 2 gigabytes in length may cause a heap buffer over-read on 64-bit Unix and Unix-like platforms. Impact summary: The heap buffer over-read may crash the application Denial of Service or to...

7.5CVSS5.8AI score0.00513EPSS
Exploits0References7
NVD
NVD
added 2026/06/09 5:17 p.m.14 views

CVE-2026-34180

Issue summary: Parsing a crafted DER-encoded ASN.1 structure with a primitive element whose content exceeds 2 gigabytes in length may cause a heap buffer over-read on 64-bit Unix and Unix-like platforms. Impact summary: The heap buffer over-read may crash the application Denial of Service or to...

7.5CVSS0.00513EPSS
Exploits0References6
AlpineLinux
AlpineLinux
added 2026/06/09 4:3 p.m.8 views

CVE-2026-34180

Issue summary: Parsing a crafted DER-encoded ASN.1 structure with a primitive element whose content exceeds 2 gigabytes in length may cause a heap buffer over-read on 64-bit Unix and Unix-like platforms. Impact summary: The heap buffer over-read may crash the application Denial of Service or to...

7.5CVSS5.8AI score0.00513EPSS
Exploits0
CVE
CVE
added 2026/06/09 4:3 p.m.178 views

CVE-2026-34180

CVE-2026-34180 describes a heap buffer over-read in OpenSSL’s DER/ASN.1 content parsing. On 64-bit Unix-like systems, a crafted ASN.1 primitive whose content exceeds 2 GB can cause the decoder to miscalculate content length, potentially leading to a read past the end of the input buffer or a cras...

7.5CVSS5.8AI score0.00513EPSS
Exploits0References6Affected Software1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.11 views

OpenSSL 缓冲区错误漏洞

OpenSSL is an open-source encryption library developed by the OpenSSL team that enables secure implementation of Secure Sockets Layer SSLv2/v3 and Secure Transport Layer TLSv1 protocols. This product supports various encryption algorithms, including symmetric ciphers, hash algorithms, and secure...

7.5CVSS5.7AI score0.00513EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.12 views

PT-2026-47829

Name of the Vulnerable Software and Affected Versions OpenSSL affected versions not specified Description An integer truncation in the ASN.1 decoder occurs when parsing a crafted DER-encoded ASN.1 structure with a primitive element exceeding 2 gigabytes in length. This issue specifically affects...

9.1CVSS5.6AI score0.00513EPSS
Exploits0References140
UbuntuCve
UbuntuCve
added 2026/03/31 2:16 p.m.4 views

CVE-2026-34155

RAUC controls the update process on embedded Linux systems. Prior to version 1.15.2, RAUC bundles using the 'plain' format exceeding a payload size of 2 GiB cause an integer overflow which results in a signature which covers only the first few bytes of the payload. Given such a bundle with a...

7.2CVSS5.8AI score0.00141EPSS
Exploits0References4
OSV
OSV
added 2026/03/31 2:16 p.m.4 views

UBUNTU-CVE-2026-34155

RAUC controls the update process on embedded Linux systems. Prior to version 1.15.2, RAUC bundles using the 'plain' format exceeding a payload size of 2 GiB cause an integer overflow which results in a signature which covers only the first few bytes of the payload. Given such a bundle with a...

7.2CVSS5.8AI score0.00141EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/03/31 1:28 p.m.3 views

CVE-2026-34155 RAUC: Improper Signing of Plain Bundles Exceeding 2 GiB

RAUC controls the update process on embedded Linux systems. Prior to version 1.15.2, RAUC bundles using the 'plain' format exceeding a payload size of 2 GiB cause an integer overflow which results in a signature which covers only the first few bytes of the payload. Given such a bundle with a...

7.2CVSS5.8AI score0.00141EPSS
Exploits0References3
CVE
CVE
added 2026/03/31 1:28 p.m.23 views

CVE-2026-34155

RAUC (Embedded Linux update framework) is affected prior to version 1.15.2. An integer overflow when packaging bundles in the plain format with payloads larger than 2 GiB causes a signature to cover only the initial portion of the payload. If a bundle has a legitimate signature, an attacker could...

7.2CVSS5.8AI score0.00141EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/31 1:28 p.m.1 views

CVE-2026-34155

RAUC controls the update process on embedded Linux systems. Prior to version 1.15.2, RAUC bundles using the 'plain' format exceeding a payload size of 2 GiB cause an integer overflow which results in a signature which covers only the first few bytes of the payload. Given such a bundle with a...

7.2CVSS5.8AI score0.00141EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder