CVE-2026-8295 – Integer overflow in simdjson

CVE ID :CVE-2026-8295

Published : May 14, 2026, 10:27 a.m. | 30 minutes ago

Description :An integer overflow vulnerability in the simdjson document-builder API allows incorrect buffer size calculations in “string_builder::escape_and_append()” when processing very large input strings on platforms with limited “size_t” width (e.g., 32-bit builds). The overflow can cause insufficient buffer allocation, leading to out-of-bounds memory reads in SIMD routines and potentially resulting in information disclosure, memory corruption, or malformed JSON output.
This vulnerability has been fixed in 4.6.4 release

Severity: 6.9 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…