CVE-2026-3407

Summary

A vulnerability was determined in YosysHQ yosys up to 0.62. This affects the function Yosys::RTLIL::Const::set of the file kernel/rtlil.h of the component BLIF File Parser. This manipulation causes heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been publicly disclosed and may be utilized. Applying a patch is the recommended action to fix this issue. It appears that the issue is not reproducible all the time.

Affected Software

VendorProductVersion RangeStatus
YosysHQyosys0.1affected
YosysHQyosys0.2affected
YosysHQyosys0.3affected
YosysHQyosys0.4affected
YosysHQyosys0.5affected
YosysHQyosys0.6affected
YosysHQyosys0.7affected
YosysHQyosys0.8affected
YosysHQyosys0.9affected
YosysHQyosys0.10affected
YosysHQyosys0.11affected
YosysHQyosys0.12affected
YosysHQyosys0.13affected
YosysHQyosys0.14affected
YosysHQyosys0.15affected
YosysHQyosys0.16affected
YosysHQyosys0.17affected
YosysHQyosys0.18affected
YosysHQyosys0.19affected
YosysHQyosys0.20affected
YosysHQyosys0.21affected
YosysHQyosys0.22affected
YosysHQyosys0.23affected
YosysHQyosys0.24affected
YosysHQyosys0.25affected
YosysHQyosys0.26affected
YosysHQyosys0.27affected
YosysHQyosys0.28affected
YosysHQyosys0.29affected
YosysHQyosys0.30affected
YosysHQyosys0.31affected
YosysHQyosys0.32affected
YosysHQyosys0.33affected
YosysHQyosys0.34affected
YosysHQyosys0.35affected
YosysHQyosys0.36affected
YosysHQyosys0.37affected
YosysHQyosys0.38affected
YosysHQyosys0.39affected
YosysHQyosys0.40affected
YosysHQyosys0.41affected
YosysHQyosys0.42affected
YosysHQyosys0.43affected
YosysHQyosys0.44affected
YosysHQyosys0.45affected
YosysHQyosys0.46affected
YosysHQyosys0.47affected
YosysHQyosys0.48affected
YosysHQyosys0.49affected
YosysHQyosys0.50affected
YosysHQyosys0.51affected
YosysHQyosys0.52affected
YosysHQyosys0.53affected
YosysHQyosys0.54affected
YosysHQyosys0.55affected
YosysHQyosys0.56affected
YosysHQyosys0.57affected
YosysHQyosys0.58affected
YosysHQyosys0.59affected
YosysHQyosys0.60affected
YosysHQyosys0.61affected
YosysHQyosys0.62affected

Weaknesses

  • CWE-122: Heap-based Buffer Overflow
  • CWE-119: Memory Corruption

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References