CVE-2026-54902
Oj: Use-After-Free in Oj::Parser SAJ Long Key Callback
Oj (Optimized JSON) is a JSON parser and Object marshaller packaged as a Ruby gem. Prior to version 3.17.2, Oj is vulnerable to a Use-After-Free when in SAJ mode. The Oj::Parser does not protect cached object keys (≥ 35 bytes) from garbage collection, and a Ruby callback that triggers GC inside hash_end can cause the key string to be reclaimed while the C parser still holds a pointer to it. The subsequent access to the freed string VALUE results in a segfault, confirmed by an RIP pointing to address 0x4242 (a canary-style pattern suggesting control over the freed memory's content). This issue has been fixed in version 3.17.2.
| CWE | CWE-416 |
| Vendor | ohler55 |
| Product | oj |
| Published | Jun 30, 2026 |
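To check whether a project resolves to an affected release, the following added example (not code from the Oj project or from this advisory) reads the text of a `Gemfile.lock` and compares the locked oj version with the fixed release, 3.17.2. The sample lockfile, its gem names and versions, and the helper names `locked_oj_versions` and `oj_status` are constructed for illustration; the check reports the locked version only and does not determine whether the application uses Oj::Parser in SAJ mode.

```ruby
require "rubygems"

# Fixed release named in the advisory.
OJ_FIXED = Gem::Version.new("3.17.2")

# Resolved specs sit at exactly four spaces of indent in Gemfile.lock;
# six-space lines are dependency constraints and must not be matched.
SPEC_LINE = /\A {4}oj \(([^)\s]+)\)\s*\z/

# Returns every resolved oj version found in the lockfile text.
def locked_oj_versions(lockfile_text)
  lockfile_text.each_line.filter_map do |line|
    m = SPEC_LINE.match(line.chomp)
    next unless m
    # Drop a platform suffix (for example "-x86_64-linux") if one is present.
    raw = m[1].split("-", 2).first
    Gem::Version.correct?(raw) ? Gem::Version.new(raw) : nil
  end
end

# Returns :not_present, :affected (locked below 3.17.2) or :fixed.
# Prerelease builds of 3.17.2 sort below it and are reported as affected.
def oj_status(lockfile_text)
  versions = locked_oj_versions(lockfile_text)
  return :not_present if versions.empty?
  versions.any? { |v| v < OJ_FIXED } ? :affected : :fixed
end

# Constructed sample lockfile (hypothetical gems and versions).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      example_app_dep (1.0.0)
        oj (>= 3.0)
      oj (3.16.3)
        bigdecimal (>= 3.0)

  DEPENDENCIES
    example_app_dep
LOCK

if $PROGRAM_NAME == __FILE__
  # Pass a lockfile path as the first argument, or run with none to use the sample.
  text = ARGV[0] ? File.read(ARGV[0]) : SAMPLE_LOCK
  puts "oj: #{oj_status(text)} #{locked_oj_versions(text).map(&:to_s).inspect}"
end
```
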