VYPR

apk package

chainguard/ruby4.0-fluentd-kubernetes-daemonset-1.19-kinesis

pkg:apk/chainguard/ruby4.0-fluentd-kubernetes-daemonset-1.19-kinesis

Vulnerabilities (15)

  • CVE-2026-54905lowJun 19, 2026
    affected < 1.19.3.1.0-r0fixed 1.19.3.1.0-r0

    ### Summary `Concurrent::ReentrantReadWriteLock` can incorrectly grant a write lock after one thread acquires the read lock 32,768 times. The lock stores a thread's local read and write hold counts in one integer. The low 15 bits are used for the read hold count, and bit 15 is u

  • CVE-2026-54904higJun 19, 2026
    affected < 1.19.3.1.0-r0fixed 1.19.3.1.0-r0

    ### Summary `Concurrent::AtomicReference#update` can enter a permanent busy retry loop when the current value is `Float::NAN`. The issue is caused by the interaction between: - `AtomicReference#update`, which retries until `compare_and_set(old_value, new_value)` succeeds. - Nume

  • CVE-2026-54903higJun 19, 2026
    affected < 1.19.3.1.0-r0fixed 1.19.3.1.0-r0

    ### Summary `Oj.load` is vulnerable to heap corruption when parsing a JSON string longer than 2 GB. An integer overflow in `buf_append_string` (`buf.h:61`) converts the string length to a large negative `size_t`, causing `memcpy` to copy an astronomically large amount of data ou

  • CVE-2026-54902higJun 19, 2026
    affected < 1.19.3.1.0-r0fixed 1.19.3.1.0-r0

    ### Summary `Oj::Parser` in SAJ mode does not protect cached object keys (≥ 35 bytes) from garbage collection. A Ruby callback that triggers GC inside `hash_end` can cause the key string to be reclaimed while the C parser still holds a pointer to it. The subsequent access to the

  • CVE-2026-54901higJun 19, 2026
    affected < 1.19.3.1.0-r0fixed 1.19.3.1.0-r0

    ### Summary `Oj::Parser` in usual mode does not mark `array_class` and `hash_class` references during garbage collection. If GC runs after the class is assigned but before a parse, the class object is reclaimed, leaving the parser holding a dangling VALUE. The subsequent `parse`

  • CVE-2026-54900higJun 19, 2026
    affected < 1.19.3.1.0-r0fixed 1.19.3.1.0-r0

    ### Summary `Oj::Parser#parse` in usual mode with `create_id` enabled is vulnerable to heap corruption via a negative-size `memcpy`. When a JSON object key is exactly 65,535 bytes long, an integer truncation in `form_attr` (`usual.c:63`) converts the length to `-1` before passin

  • CVE-2026-54898higJun 19, 2026
    affected < 1.19.3.1.0-r0fixed 1.19.3.1.0-r0

    ### Summary `Oj::Parser#parse` is vulnerable to a heap use-after-free when a SAJ/SAJ2 callback mutates the input JSON string during parsing. The C engine holds a raw `const byte *` pointer into the Ruby string's internal buffer. If a callback (e.g. `hash_start`) resizes the stri

  • CVE-2026-54897higJun 19, 2026
    affected < 1.19.3.1.0-r0fixed 1.19.3.1.0-r0

    ### Summary `Oj::Doc` iterators (`each_value`, `each_child`, `each_leaf`) are vulnerable to a heap use-after-free. When a Ruby block yielded during iteration calls `doc.close` or `d.close`, the document's heap memory is freed while the C iterator is still running. When control r

  • CVE-2026-54896higJun 19, 2026
    affected < 1.19.3.1.0-r0fixed 1.19.3.1.0-r0

    ### Summary `Oj.dump` in object mode is vulnerable to a heap buffer overflow when serializing Exception objects with a large `:indent` value. The serializer allocates a buffer sized for the object's attributes but does not account for the indent bytes added on each write. With `

  • CVE-2026-54592higJun 19, 2026
    affected < 1.19.3.1.0-r0fixed 1.19.3.1.0-r0

    ### Summary `Oj::Doc#each_child`, when invoked recursively over a deeply nested JSON document, overflows a fixed-size stack buffer and aborts the process. This is a denial of service reachable from untrusted JSON. ### Details Two-step chain in `ext/oj/fast.c`: 1. **`doc_each_

  • CVE-2026-54500Jun 19, 2026
    affected < 1.19.3.1.0-r0fixed 1.19.3.1.0-r0

    ### Summary `Oj.load` in `:object` mode reads uninitialized stack memory (and, for long keys, reads out of bounds) when parsing a JSON object whose key is 254 bytes or longer. The interned bytes can surface to the caller, disclosing process stack memory. ### Details In `ext/oj

  • CVE-2026-54502higJun 19, 2026
    affected < 1.19.3.1.0-r0fixed 1.19.3.1.0-r0

    ### Summary `Oj.dump` is vulnerable to a stack-based buffer overflow when a large `:indent` value is provided by the developer. `fill_indent` in `dump.h` calls `memset(indent_str, ' ', (size_t)opts->indent)` without validating the size. When `opts->indent` is set to `INT_MAX` (2

  • CVE-2026-54899higJun 19, 2026
    affected < 1.19.3.1.0-r0fixed 1.19.3.1.0-r0

    ### Summary Disabling `symbol_keys` on a reused `Oj::Parser` instance triggers a heap use-after-free. When `symbol_keys` is toggled from `true` to `false`, `opt_symbol_keys_set` frees the internal key cache (`cache_free`) but does not clear the pointer. The next `parse` call rea

  • CVE-2026-35611HigApr 7, 2026
    affected < 1.19.2.1.4-r0fixed 1.19.2.1.4-r0

    Addressable is an alternative implementation to the URI implementation that is part of Ruby's standard library. From 2.3.0 to before 2.9.0, within the URI template implementation in Addressable, two classes of URI template generate regular expressions vulnerable to catastrophic b

  • CVE-2026-33210Mar 20, 2026
    affected < 1.19.2.1.3-r0fixed 1.19.2.1.3-r0

    Ruby JSON is a JSON implementation for Ruby. From version 2.14.0 to before versions 2.15.2.1, 2.17.1.2, and 2.19.2, a format string injection vulnerability can lead to denial of service attacks or information disclosure, when the allow_duplicate_key: false parsing option is used