{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-3285", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-02-26T16:38:46.941Z", "datePublished": "2026-02-27T03:02:13.772Z", "dateUpdated": "2026-02-27T18:50:12.298Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-02-27T03:02:13.772Z"}, "title": "berry-lang berry be_lexer.c scan_string out-of-bounds", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-125", "lang": "en", "description": "Out-of-Bounds Read"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-119", "lang": "en", "description": "Memory Corruption"}]}], "affected": [{"vendor": "berry-lang", "product": "berry", "versions": [{"version": "1.0", "status": "affected"}, {"version": "1.1.0", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was determined in berry-lang berry up to 1.1.0. The affected element is the function scan_string of the file src/be_lexer.c. This manipulation causes out-of-bounds read. The attack requires local access. The exploit has been publicly disclosed and may be utilized. Patch name: 7149c59a39ba44feca261b12f06089f265fec176. Applying a patch is the recommended action to fix this issue."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 4.8, "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 3.3, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C", "baseSeverity": "LOW"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.3, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C", "baseSeverity": "LOW"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 1.7, "vectorString": "AV:L/AC:L/Au:S/C:P/I:N/A:N/E:POC/RL:OF/RC:C"}}], "timeline": [{"time": "2026-02-26T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-02-26T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-02-26T17:44:00.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "Oneafter (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.348014", "name": "VDB-348014 | berry-lang berry be_lexer.c scan_string out-of-bounds", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.348014", "name": "VDB-348014 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.758872", "name": "Submit #758872 | berry-lang berry 7af8289 Buffer Overflow", "tags": ["third-party-advisory"]}, {"url": "https://github.com/berry-lang/berry/issues/509", "tags": ["issue-tracking"]}, {"url": "https://github.com/berry-lang/berry/pull/511", "tags": ["issue-tracking", "patch"]}, {"url": "https://github.com/oneafter/0211/blob/main/be/repro", "tags": ["exploit"]}, {"url": "https://github.com/berry-lang/berry/commit/7149c59a39ba44feca261b12f06089f265fec176", "tags": ["patch"]}, {"url": "https://github.com/berry-lang/berry/", "tags": ["product"]}], "tags": ["x_open-source"]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-27T18:50:03.219883Z", "id": "CVE-2026-3285", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-27T18:50:12.298Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-3285", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-27T18:50:03.219883Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-27T18:50:09.231Z"}}], "cna": {"tags": ["x_open-source"], "title": "berry-lang berry be_lexer.c scan_string out-of-bounds", "credits": [{"lang": "en", "type": "reporter", "value": "Oneafter (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 4.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 3.3, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.3, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 1.7, "vectorString": "AV:L/AC:L/Au:S/C:P/I:N/A:N/E:POC/RL:OF/RC:C"}}], "affected": [{"vendor": "berry-lang", "product": "berry", "versions": [{"status": "affected", "version": "1.0"}, {"status": "affected", "version": "1.1.0"}]}], "timeline": [{"lang": "en", "time": "2026-02-26T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-02-26T01:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-02-26T17:44:00.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.348014", "name": "VDB-348014 | berry-lang berry be_lexer.c scan_string out-of-bounds", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.348014", "name": "VDB-348014 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.758872", "name": "Submit #758872 | berry-lang berry 7af8289 Buffer Overflow", "tags": ["third-party-advisory"]}, {"url": "https://github.com/berry-lang/berry/issues/509", "tags": ["issue-tracking"]}, {"url": "https://github.com/berry-lang/berry/pull/511", "tags": ["issue-tracking", "patch"]}, {"url": "https://github.com/oneafter/0211/blob/main/be/repro", "tags": ["exploit"]}, {"url": "https://github.com/berry-lang/berry/commit/7149c59a39ba44feca261b12f06089f265fec176", "tags": ["patch"]}, {"url": "https://github.com/berry-lang/berry/", "tags": ["product"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was determined in berry-lang berry up to 1.1.0. The affected element is the function scan_string of the file src/be_lexer.c. This manipulation causes out-of-bounds read. The attack requires local access. The exploit has been publicly disclosed and may be utilized. Patch name: 7149c59a39ba44feca261b12f06089f265fec176. Applying a patch is the recommended action to fix this issue."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-125", "description": "Out-of-Bounds Read"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-119", "description": "Memory Corruption"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-02-27T03:02:13.772Z"}}}, "cveMetadata": {"cveId": "CVE-2026-3285", "state": "PUBLISHED", "dateUpdated": "2026-02-27T18:50:12.298Z", "dateReserved": "2026-02-26T16:38:46.941Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-02-27T03:02:13.772Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:berry-lang:berry:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "4CC373AB-A1DB-4EDF-A680-94A7E0E50F7B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was determined in berry-lang berry up to 1.1.0. The affected element is the function scan_string of the file src/be_lexer.c. This manipulation causes out-of-bounds read. The attack requires local access. The exploit has been publicly disclosed and may be utilized. Patch name: 7149c59a39ba44feca261b12f06089f265fec176. Applying a patch is the recommended action to fix this issue."}, {"lang": "es", "value": "Se determin\u00f3 una vulnerabilidad en berry-lang berry hasta la versi\u00f3n 1.1.0. El elemento afectado es la funci\u00f3n scan_string del archivo src/be_lexer.c. Esta manipulaci\u00f3n causa una lectura fuera de l\u00edmites. El ataque requiere acceso local. El exploit ha sido divulgado p\u00fablicamente y puede ser utilizado. Nombre del parche: 7149c59a39ba44feca261b12f06089f265fec176. Aplicar un parche es la acci\u00f3n recomendada para solucionar este problema."}], "id": "CVE-2026-3285", "lastModified": "2026-03-02T15:41:29.740", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 1.7, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.1, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 1.9, "baseSeverity": "LOW", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-02-27T03:16:03.397", "references": [{"source": "cna@vuldb.com", "tags": ["Product"], "url": "https://github.com/berry-lang/berry/"}, {"source": "cna@vuldb.com", "tags": ["Patch"], "url": "https://github.com/berry-lang/berry/commit/7149c59a39ba44feca261b12f06089f265fec176"}, {"source": "cna@vuldb.com", "tags": ["Exploit", "Issue Tracking"], "url": "https://github.com/berry-lang/berry/issues/509"}, {"source": "cna@vuldb.com", "tags": ["Issue Tracking"], "url": "https://github.com/berry-lang/berry/pull/511"}, {"source": "cna@vuldb.com", "tags": ["Exploit"], "url": "https://github.com/oneafter/0211/blob/main/be/repro"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "VDB Entry"], "url": "https://vuldb.com/?ctiid.348014"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?id.348014"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?submit.758872"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}, {"lang": "en", "value": "CWE-125"}], "source": "cna@vuldb.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-125"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.0"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "1.1.0"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "berry", "source": "cna", "vendor": "berry-lang"}, "product": "berry", "vendor": "berry-lang"}], "analysis": {"en": {"generated_at": "2026-04-16T15:34:32.052246+00:00", "value": {"mitigation_remediation": ["Download and apply the patch that implements the fix for the scan_string buffer over\u2011read, identified by commit 7149c59a39ba44feca261b12f06089f265fec176 from the berry\u2011lang repository.", "Rebuild and redeploy the interpreter using the patched source so that any subsequent executions run the fixed version.", "If the patch cannot be applied immediately, restrict local user privileges or run the interpreter with the least privilege necessary to mitigate the risk of information disclosure."], "summary": {"action": "Patch", "impact": "Local Information Disclosure"}, "threat_synthesis": {"affected_systems": "Berry language interpreter version 1.1.0, distributed by berry\u2011lang. Any installation of berry\u2011lang 1.1.0 that uses the vulnerable scan_string implementation is affected.", "description_and_impact": "The flaw resides in the scan_string function of berry 1.1.0, the language interpreter produced by berry\u2011lang. An attacker with local access can manipulate input to cause an out\u2011of\u2011bounds read, allowing the process to read memory beyond the intended buffer. This read can expose internal program data such as strings, configuration values or other sensitive information, potentially leading to information disclosure.", "risk_and_exploitability": "The vulnerability has a CVSS score of 4.8, indicating moderate severity. The EPSS score is below 1%, suggesting a very low current exploitation probability. It is not listed in the CISA KEV catalog. Because local privileges are required, the attack vector is local; a publicly disclosed exploit can be used by users with access to the system, but widespread remote exploitation has not been reported."}}}}, "created": "2026-02-27T09:06:59.282806+00:00", "updated": "2026-04-16T15:45:16.070993+00:00", "vendors": ["berry-lang", "berry-lang$PRODUCT$berry"]}