All intelligence
// vulnerability record
cached · NVD via COSMOS syncCVE-2026-54900
MEDIUMpublished 2026-07-01 00:16 UTC · 4 days ago · modified 2026-07-01 17:16 UTC
6.3
CVSS / 10
// description
Oj (Optimized JSON) is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2, when in usual mode with create_id enabled, Oj::Parser#parse is vulnerable to heap corruption via a negative-size memcpy. When a JSON object key is exactly 65,535 bytes long, an integer truncation in form_attr (usual.c:63) converts the length to -1 before passing it to memcpy. This causes memcpy to copy SIZE_MAX bytes (interpreted as a huge size_t), corrupting heap memory and crashing the process. The issue has been fixed in version 3.17.2.
// weaknesses (CWE)
- CWE-190
- CWE-787