๐Ÿ” CVE Alert

CVE-2026-54900

UNKNOWN 0.0

Oj: Negative-Size memcpy in Oj::Parser create_id Attribute Handling

CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th

Oj (Optimized JSON) is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2, when in usual mode with create_id enabled, Oj::Parser#parse is vulnerable to heap corruption via a negative-size memcpy. When a JSON object key is exactly 65,535 bytes long, an integer truncation in form_attr (usual.c:63) converts the length to -1 before passing it to memcpy. This causes memcpy to copy SIZE_MAX bytes (interpreted as a huge size_t), corrupting heap memory and crashing the process. The issue has been fixed in version 3.17.2.

CWE CWE-190 CWE-787
Vendor ohler55
Product oj
Published Jun 30, 2026
Stay Ahead of the Next One

Get instant alerts for ohler55 oj

Be the first to know when new unknown vulnerabilities affecting ohler55 oj are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

ohler55 / oj
< 3.17.2

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
github.com: https://github.com/ohler55/oj/security/advisories/GHSA-9cv6-qcjw-4grx