๐Ÿ” CVE Alert

CVE-2026-54898

UNKNOWN 0.0

Oj: Use-After-Free in Oj::Parser SAJ Callback via Input Mutation

CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th

Oj (Optimized JSON) is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2,Oj::Parser#parse is vulnerable to a heap use-after-free when a SAJ/SAJ2 callback mutates the input JSON string during parsing. The C engine holds a raw const byte * pointer into the Ruby string's internal buffer. If a callback (e.g. hash_start) resizes the string โ€” for example by calling String#replace with a longer value โ€” Ruby reallocates the string buffer and frees the old one. The C parser's pointer is left dangling; the next character read at parser.c:607 is a use-after-free. This issue has been fixed in version 3.17.2.

CWE CWE-416
Vendor ohler55
Product oj
Published Jun 30, 2026
Stay Ahead of the Next One

Get instant alerts for ohler55 oj

Be the first to know when new unknown vulnerabilities affecting ohler55 oj are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

ohler55 / oj
< 3.17.2

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
github.com: https://github.com/ohler55/oj/security/advisories/GHSA-q2gm-54r6-8fwm