Stack-based Buffer Overflow in Oj JSON Parser by Ruby Gem Vendor
CVE-2026-54502
6.3 MEDIUM
What is CVE-2026-54502?
The Oj library, a JSON parser and object marshaller for Ruby, is affected by a stack-based buffer overflow in versions prior to 3.17.2. The flaw is triggered when the :indent value passed to Oj.dump is excessively large. The fill_indent function in dump.h does not validate the size before calling memset, so an attacker can set the indent value to INT_MAX (2,147,483,647). The result is a write of 2 GB into a stack-allocated buffer that is only 4,184 bytes in size, which can corrupt the stack and crash the process. Users of affected versions are urged to upgrade to version 3.17.2 or later to mitigate this vulnerability.
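The missing size check described above, as an added example in C that is not Oj's source code and not part of the advisory: a simplified model of an output buffer with the unchecked fill pattern beside a bounds-checked one. The out_t struct, out_init and both function names are assumptions made for illustration; only the 4,184-byte buffer size and the INT_MAX indent come from the page.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 4184 /* stack buffer size quoted in the advisory */

/* Simplified model of a dump output buffer (assumed layout, not Oj's struct). */
typedef struct {
    char  buf[BUF_SIZE];
    char *cur;    /* next write position */
    char *end;    /* one past the last usable byte */
    int   indent; /* caller-supplied :indent option */
} out_t;

void out_init(out_t *out, int indent) {
    out->cur    = out->buf;
    out->end    = out->buf + BUF_SIZE;
    out->indent = indent;
}

/* Unsafe pattern (for contrast, never called): length is not compared with the space left. */
void fill_indent_unchecked(out_t *out, int depth) {
    size_t cnt = (size_t)depth * (size_t)out->indent;
    *out->cur++ = '\n';
    memset(out->cur, ' ', cnt);
    out->cur += cnt;
}

/* Hardened form: returns 0 on success, -1 if newline + spaces would not fit. */
int fill_indent_checked(out_t *out, int depth) {
    if (out->indent <= 0) return 0; /* no indentation requested */
    if (depth < 0) return -1;
    size_t room = (size_t)(out->end - out->cur);
    if (room < 1) return -1; /* no space even for the newline */
    /* Divide rather than multiply so the comparison itself cannot overflow. */
    if (depth > 0 && (size_t)out->indent > (room - 1) / (size_t)depth) return -1;
    size_t cnt = (size_t)depth * (size_t)out->indent;
    *out->cur++ = '\n';
    memset(out->cur, ' ', cnt);
    out->cur += cnt;
    return 0;
}

int main(void) {
    out_t out; /* lives on the stack, like the buffer in the advisory */
    out_init(&out, INT_MAX);
    printf("indent=INT_MAX: %d\n", fill_indent_checked(&out, 1));
    return 0;
}
```

On rejection the checked function leaves the write cursor untouched, so a caller can fail the dump or switch to a larger heap buffer instead of writing past the end.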
Affected Version(s)
oj < 3.17.2
