Impact
In Oj (Optimized JSON), a stack buffer overflow occurs in the Oj::Doc#each_child method when parsing deeply nested JSON. The recursive call increments the internal pointer past the end of the fixed-size where_path array, and because the matching decrement is missing, the pointer remains beyond the array bounds. When the parser later copies the path into an 800-byte stack buffer, the computed length exceeds the 100-element limit and the copy overflows the stack. The resulting memory corruption aborts the Ruby process, causing a denial of service. The weakness is classified as an out-of-bounds read (CWE-125) and an out-of-bounds write (CWE-787).
Affected Systems
The vulnerability affects the Oj (Optimized JSON) Ruby gem distributed by ohler55. Any installation of the gem with a version earlier than 3.17.3 is susceptible, as those releases lack the bounds fixes introduced in 3.17.3.
Risk and Exploitability
The CVSS score of 7.5 indicates high severity. No EPSS value is available, so exploit likelihood is uncertain, but the denial-of-service impact is tangible if an attacker can deliver deeply nested JSON to the parser. The vulnerability is not listed in CISA’s KEV catalog. The likely attack vector is an input source that supplies deeply nested JSON to the affected application; depending on how the parser is used, that source may be local or external. By causing the parser to recurse beyond the maximum stack depth, an attacker can repeatedly crash the process, exhausting resources and forcing restarts.
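A pre-parse guard for the condition described above, as an added example (not code from the Oj project or the advisory): it flags Oj versions earlier than 3.17.3 and measures the nesting depth of untrusted JSON before it reaches Oj::Doc. The helper names and the depth cap of 64 are assumptions.

```ruby
require "rubygems"

# First fixed release, as stated in the advisory text above.
FIXED_OJ_VERSION = Gem::Version.new("3.17.3")

# Assumption: a conservative cap chosen below the 100-element where_path limit
# the advisory mentions; tune it to what the application legitimately needs.
MAX_JSON_DEPTH = 64

# True when the given Oj version string predates the fix.
def oj_vulnerable?(version_string)
  Gem::Version.new(version_string) < FIXED_OJ_VERSION
end

# Returns the deepest array/object nesting level in a JSON text without
# parsing it. Brackets inside string literals are ignored, and backslash
# escapes (including \") are honoured so a quoted bracket cannot skew the count.
def json_max_depth(text)
  depth = 0
  max = 0
  in_string = false
  escaped = false
  text.each_byte do |b|
    if in_string
      if escaped
        escaped = false
      elsif b == 0x5C # backslash starts an escape
        escaped = true
      elsif b == 0x22 # closing quote
        in_string = false
      end
    else
      case b
      when 0x22 then in_string = true
      when 0x5B, 0x7B # [ or {
        depth += 1
        max = depth if depth > max
      when 0x5D, 0x7D # ] or }
        depth -= 1 if depth > 0
      end
    end
  end
  max
end

# Gate for untrusted input: accept only documents within the depth cap.
def safe_to_parse?(text, limit = MAX_JSON_DEPTH)
  json_max_depth(text) <= limit
end
```

In a deployed application the version check would be fed Oj::VERSION, and safe_to_parse? would run on request bodies before they are handed to the parser; upgrading to 3.17.3 or later remains the actual fix.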