Bug 2477418 (CVE-2026-8295)

Summary: CVE-2026-8295 simdjson: simdjson: Memory corruption via integer overflow in string processing
Product: [Other] Security Response Reporter: OSIDB Bzimport <bzimport>
Component: vulnerabilityAssignee: Product Security <prodsec-ir-bot>
Status: NEW --- QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: alcohan, gparvin, jbalunas, pahickey, rhaigner
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: ---
Doc Text:
A flaw was found in simdjson, a JSON parsing library. An integer overflow vulnerability in the document-builder API, specifically within the `string_builder::escape_and_append()` function, can occur when processing very large input strings on systems with limited `size_t` width, such as 32-bit builds. This overflow can lead to incorrect buffer size calculations and insufficient memory allocation. Consequently, this may result in out-of-bounds memory reads during SIMD (Single Instruction, Multiple Data) operations, potentially causing information disclosure, memory corruption, or malformed JSON output.
Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description OSIDB Bzimport 2026-05-14 11:01:23 UTC
An integer overflow vulnerability in the simdjson document-builder API allows incorrect buffer size calculations in "string_builder::escape_and_append()" when processing very large input strings on platforms with limited "size_t" width (e.g., 32-bit builds). The overflow can cause insufficient buffer allocation, leading to out-of-bounds memory reads in SIMD routines and potentially resulting in information disclosure, memory corruption, or malformed JSON output.
This vulnerability has been fixed inĀ 4.6.4 release