simdjson Integer Overflow Vulnerability in Document Builder API Allowing Memory Corruption and Information Disclosure

Vulnerability

An integer overflow vulnerability has been identified in the document-builder API of the simdjson library. It is present in versions prior to 4.6.4 and affects platforms with limited 'size_t' width, such as 32-bit builds. The flaw is in the 'string_builder::escape_and_append()' function, where very large input strings can lead to incorrect buffer size calculations. When the size calculation overflows, the buffer may be allocated too small, allowing out-of-bounds memory reads in SIMD routines. This could lead to information disclosure, memory corruption, or the generation of malformed JSON output.
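The size-calculation wraparound described above, modeled with a fixed 32-bit size type so it reproduces on a 64-bit host, next to a checked form. This is an added illustration, not simdjson's code: the function names and the worst-case factor of six output bytes per input byte are assumptions.

```cpp
#include <cstdint>
#include <cstdio>
#include <limits>

// Models a 32-bit size_t so the wraparound is visible on a 64-bit host.
typedef std::uint32_t size32;

// Assumption: worst-case JSON escaping expands one input byte to six output
// bytes (a control character becomes \u00XX). The advisory does not state
// the factor simdjson uses.
const size32 kWorstCaseFactor = 6;

// Unchecked sizing: the product is reduced modulo 2^32, so a very large
// input produces a small "required" capacity.
size32 required_unchecked(size32 input_len) {
    return input_len * kWorstCaseFactor;
}

// Checked sizing: returns false instead of wrapping, so the caller can
// reject the input before any buffer is allocated.
bool required_checked(size32 input_len, size32 *out) {
    if (input_len > std::numeric_limits<size32>::max() / kWorstCaseFactor) {
        return false;
    }
    *out = input_len * kWorstCaseFactor;
    return true;
}

// True when a buffer of `allocated` bytes can hold the real worst case,
// computed in 64 bits where it cannot wrap.
bool buffer_is_sufficient(size32 input_len, size32 allocated) {
    std::uint64_t need = static_cast<std::uint64_t>(input_len) * kWorstCaseFactor;
    return allocated >= need;
}

int main() {
    const size32 len = 715827883u;  // constructed: smallest length whose x6 wraps
    size32 cap = 0;
    std::printf("unchecked capacity: %lu\n",
                static_cast<unsigned long>(required_unchecked(len)));
    std::printf("checked accepted:   %d\n", required_checked(len, &cap) ? 1 : 0);
    std::printf("buffer sufficient:  %d\n",
                buffer_is_sufficient(len, required_unchecked(len)) ? 1 : 0);
    return 0;
}
```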

Impact

Exploitation of this vulnerability can result in out-of-bounds memory reads, causing information disclosure, memory corruption, or the creation of invalid JSON output.

Remediation

Users can upgrade to simdjson version 4.6.4 or later to address this vulnerability.

Added: May 14, 2026, 11:26 AM
Updated: May 14, 2026, 11:26 AM

Vulnerability Rating

Custom Algorithm

spread: 1.2
impact: 1.3
exploitability: 4.3
remediation: 7.7
relevance: 8.3
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.