CVE-2026-8295
Deferred
Deferred - Pending Action
BaseFortify
Vulnerability report for CVE-2026-8295, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2026-05-14
Last updated on: 2026-05-19
Assigner: CERT.PL
Description
Description
An integer overflow vulnerability in the simdjson document-builder API allows incorrect buffer size calculations in "string_builder::escape_and_append()" when processing very large input strings on platforms with limited "size_t" width (e.g., 32-bit builds). The overflow can cause insufficient buffer allocation, leading to out-of-bounds memory reads in SIMD routines and potentially resulting in information disclosure, memory corruption, or malformed JSON output.
This vulnerability has been fixed inΒ 4.6.4 release
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Currently, no data is known.
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-190 | The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number. |
