NIXPKGS-2026-0497
GitHub issue
published 3 months, 3 weeks ago
CVE-2026-3407
3.3 LOW
- CVSS version (CVSS): 3.1
- Attack Vector (AV): Local (L)
- Attack Complexity (AC): Low (L)
- Privileges Required (PR): Low (L)
- User Interaction (UI): None (N)
- Scope (S): Unchanged (U)
- Confidentiality (C): None (N)
- Integrity (I): None (N)
- Availability (A): Low (L)
- Exploit Code Maturity (E): Proof-of-Concept (P)
- Remediation Level (RL): Official Fix (O)
- Report Confidence (RC): Confirmed (C)
- Modified Attack Vector (MAV): Local (L)
- Modified Attack Complexity (MAC): Low (L)
- Modified Privileges Required (MPR): Low (L)
- Modified User Interaction (MUI): None (N)
- Modified Confidentiality (MC): None (N)
- Modified Scope (MS): Unchanged (U)
- Modified Integrity (MI): None (N)
- Modified Availability (MA): Low (L)
by @LeSuisse
Activity log
- Created suggestion
- @LeSuisse ignored 6 packages
  - yosys-ghdl
  - yosys-synlig
  - yosys-bluespec
  - python312Packages.yosys
  - python313Packages.yosys
  - python314Packages.yosys
- @LeSuisse accepted
- @LeSuisse published on GitHub
YosysHQ yosys BLIF File rtlil.h set heap-based overflow
A vulnerability was determined in YosysHQ yosys up to 0.62. This affects the function Yosys::RTLIL::Const::set of the file kernel/rtlil.h of the component BLIF File Parser. This manipulation causes heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been publicly disclosed and may be utilized. Applying a patch is the recommended action to fix this issue. It appears that the issue is not reproducible all the time.
References
- Submit #763755 | YosysHQ yosys 8bbde80 Heap-based Buffer Overflow (third-party-advisory)
- https://github.com/YosysHQ/yosys/issues/5677 (issue-tracking)
Affected products
yosys
- ==0.56
- ==0.40
- ==0.3
- ==0.62
- ==0.27
- ==0.31
- ==0.21
- ==0.36
- ==0.34
- ==0.8
- ==0.20
- ==0.22
- ==0.2
- ==0.10
- ==0.24
- ==0.46
- ==0.14
- ==0.18
- ==0.29
- ==0.32
- ==0.33
- ==0.25
- ==0.47
- ==0.38
- ==0.16
- ==0.45
- ==0.54
- ==0.15
- ==0.17
- ==0.26
- ==0.19
- ==0.51
- ==0.42
- ==0.59
- ==0.9
- ==0.57
- ==0.30
- ==0.37
- ==0.52
- ==0.28
- ==0.55
- ==0.11
- ==0.6
- ==0.44
- ==0.49
- ==0.5
- ==0.61
- ==0.41
- ==0.39
- ==0.35
- ==0.60
- ==0.1
- ==0.53
- ==0.43
- ==0.48
- ==0.13
- ==0.4
- ==0.7
- ==0.23
- ==0.58
- ==0.12
- ==0.50
Matching in nixpkgs
Ignored packages (6)
pkgs.yosys-ghdl
GHDL plugin for Yosys
- nixos-unstable 0-unstable-2025-05-23
- nixpkgs-unstable 0-unstable-2025-05-23
- nixos-unstable-small 0-unstable-2025-05-23
pkgs.yosys-synlig
None
pkgs.yosys-bluespec
Bluespec plugin for Yosys
- nixos-unstable 2021.09.08
- nixpkgs-unstable 2021.09.08
- nixos-unstable-small 2021.09.08
pkgs.python312Packages.yosys
None
pkgs.python313Packages.yosys
Open RTL synthesis framework and tools
pkgs.python314Packages.yosys
Open RTL synthesis framework and tools
Package maintainers
- @thoughtpolice Austin Seipp <aseipp@pobox.com>
- @VShell Shell Turner <cam.turn@gmail.com>
- @Luflosi Luflosi <luflosi@luflosi.de>