CVE-2026-8295
Severity CVSS v4.0:
MEDIUM
Type:
CWE-190
Integer Overflow or Wraparound
Publication date:
14/05/2026
Last modified:
19/05/2026
Description
An integer overflow vulnerability in the simdjson document-builder API allows incorrect buffer size calculations in "string_builder::escape_and_append()" when processing very large input strings on platforms with limited "size_t" width (e.g., 32-bit builds). The overflow can cause insufficient buffer allocation, leading to out-of-bounds memory reads in SIMD routines and potentially resulting in information disclosure, memory corruption, or malformed JSON output.<br />
This vulnerability has been fixed in 4.6.4 release
Impact
Base Score 4.0
6.90
Severity 4.0
MEDIUM



