CVE-2026-8295

Severity CVSS v4.0:
MEDIUM
Type:
CWE-190 Integer Overflow or Wraparound
Publication date:
14/05/2026
Last modified:
19/05/2026

Description

An integer overflow vulnerability in the simdjson document-builder API allows incorrect buffer size calculations in "string_builder::escape_and_append()" when processing very large input strings on platforms with limited "size_t" width (e.g., 32-bit builds). The overflow can cause insufficient buffer allocation, leading to out-of-bounds memory reads in SIMD routines and potentially resulting in information disclosure, memory corruption, or malformed JSON output.<br /> This vulnerability has been fixed in 4.6.4 release