Vulnerability Description
An integer overflow vulnerability in the simdjson document-builder API allows incorrect buffer size calculations in "string_builder::escape_and_append()" when processing very large input strings on platforms with limited "size_t" width (e.g., 32-bit builds). The overflow can cause insufficient buffer allocation, leading to out-of-bounds memory reads in SIMD routines and potentially resulting in information disclosure, memory corruption, or malformed JSON output. This vulnerability has been fixed in 4.6.4 release
Related Weaknesses (CWE)
References
FAQ
What is CVE-2026-8295?
CVE-2026-8295 is a documented vulnerability. An integer overflow vulnerability in the simdjson document-builder API allows incorrect buffer size calculations in "string_builder::escape_and_append()" when processing very large input strings on pl...
How severe is CVE-2026-8295?
CVSS scoring is not yet available for CVE-2026-8295. Check NVD for updates.
Is there a patch for CVE-2026-8295?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.