Copyright © 2012 Red Hat, Inc. All rights reserved. Moderate 2026-05-14T10:27:41 simdjson: simdjson: Memory corruption via integer overflow in string processing 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CWE-190

A flaw was found in simdjson, a JSON parsing library. An integer overflow vulnerability in the document-builder API, specifically within the `string_builder::escape_and_append()` function, can occur when processing very large input strings on systems with limited `size_t` width, such as 32-bit builds. This overflow can lead to incorrect buffer size calculations and insufficient memory allocation. Consequently, this may result in out-of-bounds memory reads during SIMD (Single Instruction, Multiple Data) operations, potentially causing information disclosure, memory corruption, or malformed JSON output.

Red Hat Advanced Cluster Management for Kubernetes 2 Not affected rhacm2/lighthouse-coredns-rhel9 https://www.cve.org/CVERecord?id=CVE-2026-8295 https://nvd.nist.gov/vuln/detail/CVE-2026-8295 https://cert.pl/posts/2026/05/CVE-2026-8295 https://github.com/simdjson/simdjson/releases/tag/v4.6.4