PT-2026-40904 · Simdjson · Simdjson
Marcin Wyczechowski
+1
·
Published
2026-05-14
·
Updated
2026-05-14
·
CVE-2026-8295
CVSS v4.0
6.9
Medium
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
simdjson versions prior to 4.6.4
Description
An integer overflow in the document-builder API occurs during buffer size calculations within the
string builder::escape and append() function when processing very large input strings on platforms with limited size t width, such as 32-bit builds. This overflow can lead to insufficient buffer allocation, causing out-of-bounds memory reads in SIMD (Single Instruction, Multiple Data) routines, which may result in memory corruption, information disclosure, or malformed JSON output.Recommendations
Update to version 4.6.4.
Fix
Integer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Simdjson