Integer overflow in Ohler55 Oj
CVE-2026-54903
Oj (Optimized JSON) is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2, Oj.load is vulnerable to heap corruption when parsing a JSON string longer than 2 GB. An integer overflow in buf_append_string…
Vulnerability class: Integer Overflow
Affected products
- Ohler55 Oj — versions < 3.17.2
Weakness classification (CWE)
References
- security-advisories@github.com (x_refsource_CONFIRM)