Description
Oj (Optimized JSON) is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2, Oj.load is vulnerable to heap corruption when parsing a JSON string longer than 2 GB. An integer overflow in buf_append_string (buf.h:61) converts the string length to a large negative size_t, causing memcpy to copy an astronomically large amount of data out of bounds. This crashes the process and can corrupt adjacent heap memory. The issue has been fixed in version 3.17.2.
Severity (CVSS)
| Base score | 6.3 |
|---|---|
| Severity | Medium |
| Version | CVSS 4.0 |
| Vector | CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N |
| Provided by | CNA |
Weaknesses
- CWE-190 — CWE-190: Integer Overflow or Wraparound
Affected products
| Vendor | Product | Versions |
|---|---|---|
| ohler55 | oj | < 3.17.2 |
References
- https://github.com/ohler55/oj/security/advisories/GHSA-475m-ph3x-64gp (x_refsource_CONFIRM)
Generated from the official CVE List on 01 Jul 2026 07:05 UTC.