Integer overflow in Ohler55 Oj

CVE-2026-54903

Oj (Optimized JSON) is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2, Oj.load is vulnerable to heap corruption when parsing a JSON string longer than 2 GB. An integer overflow in buf_append_string…

Vulnerability class: Integer Overflow
