Tag

Gem

1 brief RSS

Stack Buffer Overflow in Oj Ruby Gem (CVE-2026-54502)

The `Oj.dump` function in the `Oj` Ruby gem is vulnerable to a stack-based buffer overflow (CVE-2026-54502) due to improper validation of the `:indent` parameter, allowing an attacker to trigger a process crash or potentially remote code execution by providing an excessively large integer value, affecting all `Oj` gem versions prior to `3.17.2`.

oj gem overflow ruby gem denial-of-service remote-code-execution application-vulnerability

3r 4t 1d ago