{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-3407", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-03-01T07:03:11.753Z", "datePublished": "2026-03-02T03:02:09.924Z", "dateUpdated": "2026-03-02T14:43:12.380Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-03-02T03:02:09.924Z"}, "title": "YosysHQ yosys BLIF File rtlil.h set heap-based overflow", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-122", "lang": "en", "description": "Heap-based Buffer Overflow"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-119", "lang": "en", "description": "Memory Corruption"}]}], "affected": [{"vendor": "YosysHQ", "product": "yosys", "versions": [{"version": "0.1", "status": "affected"}, {"version": "0.2", "status": "affected"}, {"version": "0.3", "status": "affected"}, {"version": "0.4", "status": "affected"}, {"version": "0.5", "status": "affected"}, {"version": "0.6", "status": "affected"}, {"version": "0.7", "status": "affected"}, {"version": "0.8", "status": "affected"}, {"version": "0.9", "status": "affected"}, {"version": "0.10", "status": "affected"}, {"version": "0.11", "status": "affected"}, {"version": "0.12", "status": "affected"}, {"version": "0.13", "status": "affected"}, {"version": "0.14", "status": "affected"}, {"version": "0.15", "status": "affected"}, {"version": "0.16", "status": "affected"}, {"version": "0.17", "status": "affected"}, {"version": "0.18", "status": "affected"}, {"version": "0.19", "status": "affected"}, {"version": "0.20", "status": "affected"}, {"version": "0.21", "status": "affected"}, {"version": "0.22", "status": "affected"}, {"version": "0.23", "status": "affected"}, {"version": "0.24", "status": "affected"}, {"version": "0.25", "status": "affected"}, {"version": "0.26", "status": "affected"}, {"version": "0.27", "status": "affected"}, {"version": "0.28", "status": "affected"}, {"version": "0.29", "status": "affected"}, {"version": "0.30", "status": "affected"}, {"version": "0.31", "status": "affected"}, {"version": "0.32", "status": "affected"}, {"version": "0.33", "status": "affected"}, {"version": "0.34", "status": "affected"}, {"version": "0.35", "status": "affected"}, {"version": "0.36", "status": "affected"}, {"version": "0.37", "status": "affected"}, {"version": "0.38", "status": "affected"}, {"version": "0.39", "status": "affected"}, {"version": "0.40", "status": "affected"}, {"version": "0.41", "status": "affected"}, {"version": "0.42", "status": "affected"}, {"version": "0.43", "status": "affected"}, {"version": "0.44", "status": "affected"}, {"version": "0.45", "status": "affected"}, {"version": "0.46", "status": "affected"}, {"version": "0.47", "status": "affected"}, {"version": "0.48", "status": "affected"}, {"version": "0.49", "status": "affected"}, {"version": "0.50", "status": "affected"}, {"version": "0.51", "status": "affected"}, {"version": "0.52", "status": "affected"}, {"version": "0.53", "status": "affected"}, {"version": "0.54", "status": "affected"}, {"version": "0.55", "status": "affected"}, {"version": "0.56", "status": "affected"}, {"version": "0.57", "status": "affected"}, {"version": "0.58", "status": "affected"}, {"version": "0.59", "status": "affected"}, {"version": "0.60", "status": "affected"}, {"version": "0.61", "status": "affected"}, {"version": "0.62", "status": "affected"}], "modules": ["BLIF File Parser"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was determined in YosysHQ yosys up to 0.62. This affects the function Yosys::RTLIL::Const::set of the file kernel/rtlil.h of the component BLIF File Parser. This manipulation causes heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been publicly disclosed and may be utilized. Applying a patch is the recommended action to fix this issue. It appears that the issue is not reproducible all the time."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 4.8, "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 3.3, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", "baseSeverity": "LOW"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.3, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", "baseSeverity": "LOW"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 1.7, "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C"}}], "timeline": [{"time": "2026-03-01T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-03-01T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-03-01T08:08:34.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "Oneafter (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.348302", "name": "VDB-348302 | YosysHQ yosys BLIF File rtlil.h set heap-based overflow", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.348302", "name": "VDB-348302 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.763755", "name": "Submit #763755 | YosysHQ yosys 8bbde80 Heap-based Buffer Overflow", "tags": ["third-party-advisory"]}, {"url": "https://github.com/YosysHQ/yosys/issues/5677", "tags": ["issue-tracking"]}, {"url": "https://github.com/YosysHQ/yosys/pull/5680", "tags": ["issue-tracking", "patch"]}, {"url": "https://github.com/oneafter/0210/blob/main/yo2/repro", "tags": ["exploit"]}, {"url": "https://github.com/YosysHQ/yosys/pull/5681", "tags": ["issue-tracking", "patch"]}, {"url": "https://github.com/YosysHQ/yosys/", "tags": ["product"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-02T14:40:14.679910Z", "id": "CVE-2026-3407", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-02T14:43:12.380Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-3407", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-02T14:40:14.679910Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-02T14:40:30.343Z"}}], "cna": {"title": "YosysHQ yosys BLIF File rtlil.h set heap-based overflow", "credits": [{"lang": "en", "type": "reporter", "value": "Oneafter (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 4.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 3.3, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.3, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 1.7, "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C"}}], "affected": [{"vendor": "YosysHQ", "modules": ["BLIF File Parser"], "product": "yosys", "versions": [{"status": "affected", "version": "0.1"}, {"status": "affected", "version": "0.2"}, {"status": "affected", "version": "0.3"}, {"status": "affected", "version": "0.4"}, {"status": "affected", "version": "0.5"}, {"status": "affected", "version": "0.6"}, {"status": "affected", "version": "0.7"}, {"status": "affected", "version": "0.8"}, {"status": "affected", "version": "0.9"}, {"status": "affected", "version": "0.10"}, {"status": "affected", "version": "0.11"}, {"status": "affected", "version": "0.12"}, {"status": "affected", "version": "0.13"}, {"status": "affected", "version": "0.14"}, {"status": "affected", "version": "0.15"}, {"status": "affected", "version": "0.16"}, {"status": "affected", "version": "0.17"}, {"status": "affected", "version": "0.18"}, {"status": "affected", "version": "0.19"}, {"status": "affected", "version": "0.20"}, {"status": "affected", "version": "0.21"}, {"status": "affected", "version": "0.22"}, {"status": "affected", "version": "0.23"}, {"status": "affected", "version": "0.24"}, {"status": "affected", "version": "0.25"}, {"status": "affected", "version": "0.26"}, {"status": "affected", "version": "0.27"}, {"status": "affected", "version": "0.28"}, {"status": "affected", "version": "0.29"}, {"status": "affected", "version": "0.30"}, {"status": "affected", "version": "0.31"}, {"status": "affected", "version": "0.32"}, {"status": "affected", "version": "0.33"}, {"status": "affected", "version": "0.34"}, {"status": "affected", "version": "0.35"}, {"status": "affected", "version": "0.36"}, {"status": "affected", "version": "0.37"}, {"status": "affected", "version": "0.38"}, {"status": "affected", "version": "0.39"}, {"status": "affected", "version": "0.40"}, {"status": "affected", "version": "0.41"}, {"status": "affected", "version": "0.42"}, {"status": "affected", "version": "0.43"}, {"status": "affected", "version": "0.44"}, {"status": "affected", "version": "0.45"}, {"status": "affected", "version": "0.46"}, {"status": "affected", "version": "0.47"}, {"status": "affected", "version": "0.48"}, {"status": "affected", "version": "0.49"}, {"status": "affected", "version": "0.50"}, {"status": "affected", "version": "0.51"}, {"status": "affected", "version": "0.52"}, {"status": "affected", "version": "0.53"}, {"status": "affected", "version": "0.54"}, {"status": "affected", "version": "0.55"}, {"status": "affected", "version": "0.56"}, {"status": "affected", "version": "0.57"}, {"status": "affected", "version": "0.58"}, {"status": "affected", "version": "0.59"}, {"status": "affected", "version": "0.60"}, {"status": "affected", "version": "0.61"}, {"status": "affected", "version": "0.62"}]}], "timeline": [{"lang": "en", "time": "2026-03-01T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-03-01T01:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-03-01T08:08:34.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.348302", "name": "VDB-348302 | YosysHQ yosys BLIF File rtlil.h set heap-based overflow", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.348302", "name": "VDB-348302 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.763755", "name": "Submit #763755 | YosysHQ yosys 8bbde80 Heap-based Buffer Overflow", "tags": ["third-party-advisory"]}, {"url": "https://github.com/YosysHQ/yosys/issues/5677", "tags": ["issue-tracking"]}, {"url": "https://github.com/YosysHQ/yosys/pull/5680", "tags": ["issue-tracking", "patch"]}, {"url": "https://github.com/oneafter/0210/blob/main/yo2/repro", "tags": ["exploit"]}, {"url": "https://github.com/YosysHQ/yosys/pull/5681", "tags": ["issue-tracking", "patch"]}, {"url": "https://github.com/YosysHQ/yosys/", "tags": ["product"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was determined in YosysHQ yosys up to 0.62. This affects the function Yosys::RTLIL::Const::set of the file kernel/rtlil.h of the component BLIF File Parser. This manipulation causes heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been publicly disclosed and may be utilized. Applying a patch is the recommended action to fix this issue. It appears that the issue is not reproducible all the time."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-122", "description": "Heap-based Buffer Overflow"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-119", "description": "Memory Corruption"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-03-02T03:02:09.924Z"}}}, "cveMetadata": {"cveId": "CVE-2026-3407", "state": "PUBLISHED", "dateUpdated": "2026-03-02T14:43:12.380Z", "dateReserved": "2026-03-01T07:03:11.753Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-03-02T03:02:09.924Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was determined in YosysHQ yosys up to 0.62. This affects the function Yosys::RTLIL::Const::set of the file kernel/rtlil.h of the component BLIF File Parser. This manipulation causes heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been publicly disclosed and may be utilized. Applying a patch is the recommended action to fix this issue. It appears that the issue is not reproducible all the time."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad en YosysHQ yosys hasta la versi\u00f3n 0.62, la cual afeacta a la funci\u00f3n Yosys::RTLIL::Const::set del archivo kernel/rtlil.h del componente BLIF File Parser. Su manipulaci\u00f3n provoca un desbordamiento de b\u00fafer basado en mont\u00edculo. Es posible lanzar el ataque en el host local. El exploit ha sido divulgado p\u00fablicamente y puede ser utilizado. Se recomienda aplicar un parche para solucionar este problema. Parece que el problema no es reproducible todo el tiempo."}], "id": "CVE-2026-3407", "lastModified": "2026-04-29T01:00:01.613", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 1.7, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 3.1, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 1.9, "baseSeverity": "LOW", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-03-02T03:16:01.600", "references": [{"source": "cna@vuldb.com", "url": "https://github.com/YosysHQ/yosys/"}, {"source": "cna@vuldb.com", "url": "https://github.com/YosysHQ/yosys/issues/5677"}, {"source": "cna@vuldb.com", "url": "https://github.com/YosysHQ/yosys/pull/5680"}, {"source": "cna@vuldb.com", "url": "https://github.com/YosysHQ/yosys/pull/5681"}, {"source": "cna@vuldb.com", "url": "https://github.com/oneafter/0210/blob/main/yo2/repro"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?ctiid.348302"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?id.348302"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?submit.763755"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}, {"lang": "en", "value": "CWE-122"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "0.1"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "0.2"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "0.3"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "0.4"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "0.5"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "0.6"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "0.7"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "0.8"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "0.9"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "0.10"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "0.11"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "0.12"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "0.13"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "0.14"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "0.15"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "0.16"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "0.17"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "0.18"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "0.19"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "0.20"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "0.21"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "0.22"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "0.23"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "0.24"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "0.25"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "0.26"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "0.27"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "0.28"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "0.29"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "0.30"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "0.31"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "0.32"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "0.33"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "0.34"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "0.35"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "0.36"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "0.37"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "0.38"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "0.39"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "0.40"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "0.41"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "0.42"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "0.43"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "0.44"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "0.45"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "0.46"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "0.47"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "0.48"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "0.49"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "0.50"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "0.51"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "0.52"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "0.53"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "0.54"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "0.55"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "0.56"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "0.57"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "0.58"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "0.59"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "0.60"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "0.61"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "0.62"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "yosys", "source": "cna", "vendor": "YosysHQ"}, "product": "yosys", "vendor": "yosyshq"}], "analysis": {"en": {"generated_at": "2026-04-18T10:10:24.091698+00:00", "value": {"mitigation_remediation": ["Upgrade Yosys to the patched version released after the fix (e.g., version 0.63 or later).", "Recompile the project from the updated source repository to ensure the corrected code is present if using a custom build.", "Limit or quarantine the processing of untrusted BLIF files: run Yosys in a restricted environment or remove BLIF support if not required to reduce the attack surface."], "summary": {"action": "Patch", "impact": "Heap-based Buffer Overflow"}, "threat_synthesis": {"affected_systems": "YosysHQ yosys users running version 0.62 or earlier are affected. The issue is confined to the kernel/rtlil.h component responsible for parsing BLIF files. No newer releases or alternative branches have been reported to contain the flaw. Systems that load untrusted BLIF files locally are susceptible.", "description_and_impact": "The vulnerability originates in the RTLIL::Const::set function within the BLIF File Parser component, where improperly bounded writes to a heap-allocated buffer can cause a heap-based overflow. This overflow occurs when an attacker supplies a malicious BLIF file that the parser processes. According to the official description, it is possible for local users to trigger the overflow, which may lead to a crash or corruption of program memory. The CVE details do not explicitly claim arbitrary code execution, so any such claim is beyond the stated evidence.", "risk_and_exploitability": "The CVSS score of 4.8 indicates moderate severity, while the EPSS score below 1% suggests a low likelihood of widespread exploitation. The vulnerability is not listed in the CISA KEV catalog. Because the attack vector is local, only users with local filesystem access or attackers who gain local foothold can exploit it. Nonetheless, since heap overflows can degrade reliability or provide a foothold for more advanced attacks, administrators should treat the patch as a priority."}}}}, "created": "2026-03-02T12:03:51.149822+00:00", "updated": "2026-04-18T10:15:25.875843+00:00", "vendors": ["yosyshq", "yosyshq$PRODUCT$yosys"]}