Oj (Optimized JSON) is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2, Oj::Parser in usual mode does not mark array_class and hash_class references during garbage collection, leading to Use-After-Free. If GC runs after the class is assigned but before a parse, the class object is reclaimed, leaving the parser holding a dangling VALUE. The subsequent parse call dereferences the freed object, producing a segfault. This issue has been fixed in version 3.17.2.
Project Subscriptions
No data.
Advisories
| Source | ID | Title |
|---|---|---|
Github GHSA |
GHSA-vwm4-62gf-x745 | Oj: Use-After-Free in Oj::Parser array_class/hash_class GC Marking |
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
Wed, 01 Jul 2026 00:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Oj (Optimized JSON) is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2, Oj::Parser in usual mode does not mark array_class and hash_class references during garbage collection, leading to Use-After-Free. If GC runs after the class is assigned but before a parse, the class object is reclaimed, leaving the parser holding a dangling VALUE. The subsequent parse call dereferences the freed object, producing a segfault. This issue has been fixed in version 3.17.2. | |
| Title | Oj: Use-After-Free in Oj::Parser array_class/hash_class GC Marking | |
| Weaknesses | CWE-416 | |
| References |
| |
| Metrics |
cvssV4_0
|
Projects
Sign in to view the affected projects.
Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2026-06-30T23:36:38.526Z
Reserved: 2026-06-16T13:49:33.555Z
Link: CVE-2026-54901
No data.
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-01T05:00:07Z
Weaknesses
Github GHSA