Impact
The vulnerability arises in the Oj (Optimized JSON) Ruby gem when Oj.dump receives an excessively large :indent value. The code in dump.h calls memset(indent_str, ' ', (size_t)opts->indent) without validating the size. When opts->indent is set to INT_MAX (2,147,483,647), the cast preserves the large value and memset writes 2 GB into the stack‑allocated out buffer (4,184 bytes). This overflow corrupts the stack and crashes the process. The flaw is a stack‑based buffer overflow (CWE‑121). The primary outcome is a denial of service; there is no indication that this can lead to arbitrary code execution.
Affected Systems
The defect is limited to the ohler55 Oj Ruby gem in versions prior to 3.17.2. Any Ruby application that includes this gem and invokes Oj.dump with a custom :indent value may be affected. From the description, applications that always use the default indentation or use a fixed small value are not vulnerable. The issue is resolved in releases 3.17.2 and later.
Risk and Exploitability
The CVSS score of 6.3 classifies the risk as moderate. EPSS is not available, so the real‑world exploitation probability is unknown, and the flaw is not listed in the CISA KEV catalog. Based on the description, the likely attack vector is an application that accepts user input for the :indent parameter or exposes an API that forwards that value to Oj.dump. An attacker who can control the indent size could trigger a crash and cause a denial of service. No publicly documented exploit achieves arbitrary code execution.
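An application-side guard for the case described above, where a caller-supplied indent is forwarded to Oj.dump. This is an added example, not code from the Oj project or the advisory. MAX_INDENT, the function names and the injected dumper are hypothetical; the fixed version 3.17.2 is taken from this page.

```ruby
require 'rubygems'

# First fixed release, as stated on this page.
OJ_FIXED_VERSION = Gem::Version.new('3.17.2')
# Hypothetical application policy: no caller needs more than 16 spaces.
MAX_INDENT = 16

# True when the given Oj version string predates the fix.
def oj_vulnerable?(version_string)
  Gem::Version.new(version_string) < OJ_FIXED_VERSION
end

# Convert an untrusted value (for example a query parameter) into a bounded
# indent. Raises ArgumentError rather than clamping, so abuse shows up in logs.
def checked_indent(raw, max: MAX_INDENT)
  return 0 if raw.nil? # hypothetical policy: absent means no indentation

  value =
    case raw
    when Integer then raw
    when String
      # At most three digits, so oversized numerals are rejected before parsing.
      raise ArgumentError, 'indent is not a small decimal integer' unless raw.match?(/\A\d{1,3}\z/)
      raw.to_i
    else
      raise ArgumentError, "indent has unsupported type #{raw.class}"
    end

  raise ArgumentError, "indent #{value} outside 0..#{max}" unless (0..max).cover?(value)
  value
end

# The dumper is injected so this runs without the gem installed;
# an application would pass Oj.method(:dump).
def dump_with_checked_indent(obj, raw_indent, dumper:)
  dumper.call(obj, { indent: checked_indent(raw_indent) })
end
```

The bound check is worth keeping after upgrading to 3.17.2 or later, since it stops the untrusted value before it reaches native code.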