Integer overflow in Simdjson

CVE-2026-8295

An integer overflow vulnerability in the simdjson document-builder API allows incorrect buffer size calculations in "string_builder::escape_and_append()" when processing very large input strings on platforms with limited "size_t" width (e…

Vulnerability class: Integer Overflow

EPSS: 0.001 (17.6th percentile) — read the EPSS interpretation.

Affected products

Simdjson — versions 0

Weakness classification (CWE)

CWE-190 — Integer Overflow or Wraparound

References

cvd@cert.pl (release-notes)
cvd@cert.pl (third-party-advisory)