Nixpkgs Security Tracker

Dismissed

Permalink CVE-2026-3285

3.3 LOW

CVSS version: 3.1
Attack vector (AV):
Attack complexity (AC):
Privileges required (PR):
User interaction (UI):
Scope (S):
Confidentiality impact (C):
Integrity impact (I):
Availability impact (A):

updated 3 weeks, 1 day ago by @anthonyroussel Activity log

Created automatic suggestion 3 weeks, 2 days ago
@anthonyroussel removed
21 packages
- berry
- amiberry
- blueberry
- strawberry
- yarn-berry
- yarn-berry_3
- yarn-berry_4
- raspberrypifw
- libraspberrypi
- strawberry-qt6
- device-tree_rpi
- raspberrypi-eeprom
- raspberrypi-armstubs
- haskellPackages.huckleberry
- raspberrypiWirelessFirmware
- python312Packages.strawberry-django
- python313Packages.strawberry-django
- python312Packages.strawberry-graphql
- python313Packages.strawberry-graphql
- home-assistant-component-tests.raspberry_pi
- tests.home-assistant-component-tests.raspberry_pi
3 weeks, 1 day ago
@anthonyroussel dismissed 3 weeks, 1 day ago

berry-lang berry be_lexer.c scan_string out-of-bounds

A vulnerability was determined in berry-lang berry up to 1.1.0. The affected element is the function scan_string of the file src/be_lexer.c. This manipulation causes out-of-bounds read. The attack requires local access. The exploit has been publicly disclosed and may be utilized. Patch name: 7149c59a39ba44feca261b12f06089f265fec176. Applying a patch is the recommended action to fix this issue.

References

VDB-348014 | berry-lang berry be_lexer.c scan_string out-of-bounds vdb-entry technical-description
VDB-348014 | CTI Indicators (IOB, IOC, IOA) signature permissions-required
Submit #758872 | berry-lang berry 7af8289 Buffer Overflow third-party-advisory
https://github.com/berry-lang/berry/issues/509 issue-tracking
https://github.com/berry-lang/berry/pull/511 issue-tracking patch
https://github.com/oneafter/0211/blob/main/be/repro exploit
https://github.com/berry-lang/berry/commit/7149c59a39ba44feca261b12f06089f265fe… patch
https://github.com/berry-lang/berry/ product

Affected products

berry

==1.1.0
==1.0

Ignored packages (21)

pkgs.berry

Healthy, bite-sized window manager

nixos-unstable 0.1.13
- nixpkgs-unstable 0.1.13
- nixos-unstable-small 0.1.13
nixos-25.11 0.1.13
- nixos-25.11-small 0.1.13
- nixpkgs-25.11-darwin 0.1.13

pkgs.amiberry

Optimized Amiga emulator for Linux/macOS

nixos-unstable 5.7.4
- nixpkgs-unstable 5.7.4
- nixos-unstable-small 5.7.4
nixos-25.11 5.7.4
- nixos-25.11-small 5.7.4
- nixpkgs-25.11-darwin 5.7.4

pkgs.blueberry

Bluetooth configuration tool

nixos-unstable 1.4.8
- nixpkgs-unstable 1.4.8
- nixos-unstable-small 1.4.8
nixos-25.11 1.4.8
- nixos-25.11-small 1.4.8
- nixpkgs-25.11-darwin 1.4.8

pkgs.strawberry

Music player and music collection organizer

nixos-unstable 1.2.18
- nixpkgs-unstable 1.2.18
- nixos-unstable-small 1.2.18
nixos-25.11 1.2.13
- nixos-25.11-small 1.2.13
- nixpkgs-25.11-darwin 1.2.13

pkgs.yarn-berry

Fast, reliable, and secure dependency management

nixos-unstable 4.12.0
- nixpkgs-unstable 4.12.0
- nixos-unstable-small 4.12.0
nixos-25.11 4.11.0
- nixos-25.11-small 4.11.0
- nixpkgs-25.11-darwin 4.11.0

pkgs.yarn-berry_3

Fast, reliable, and secure dependency management

nixos-unstable 3.8.7
- nixpkgs-unstable 3.8.7
- nixos-unstable-small 3.8.7
nixos-25.11 3.8.7
- nixos-25.11-small 3.8.7
- nixpkgs-25.11-darwin 3.8.7

pkgs.yarn-berry_4

Fast, reliable, and secure dependency management

nixos-unstable 4.12.0
- nixpkgs-unstable 4.12.0
- nixos-unstable-small 4.12.0
nixos-25.11 4.11.0
- nixos-25.11-small 4.11.0
- nixpkgs-25.11-darwin 4.11.0

pkgs.raspberrypifw

Firmware for the Raspberry Pi board

nixos-unstable 1.20250430
- nixpkgs-unstable 1.20250430
- nixos-unstable-small 1.20250430
nixos-25.11 1.20250430
- nixos-25.11-small 1.20250430
- nixpkgs-25.11-darwin 1.20250430

pkgs.libraspberrypi

Userland tools & libraries for interfacing with Raspberry Pi hardware

nixos-unstable 0-unstable-2024-12-23
- nixpkgs-unstable 0-unstable-2024-12-23
- nixos-unstable-small 0-unstable-2024-12-23
nixos-25.11 0-unstable-2024-12-23
- nixos-25.11-small 0-unstable-2024-12-23
- nixpkgs-25.11-darwin 0-unstable-2024-12-23

pkgs.strawberry-qt6

Music player and music collection organizer

pkgs.device-tree_rpi

DTBs for the Raspberry Pi

nixos-unstable 1.20250430
- nixpkgs-unstable 1.20250430
- nixos-unstable-small 1.20250430
nixos-25.11 1.20250430
- nixos-25.11-small 1.20250430
- nixpkgs-25.11-darwin 1.20250430

pkgs.raspberrypi-eeprom

Installation scripts and binaries for the closed sourced Raspberry Pi 4 and 5 bootloader EEPROMs

nixos-unstable 2026.01.09-2711
- nixpkgs-unstable 2026.01.09-2711
- nixos-unstable-small 2026.01.09-2711
nixos-25.11 2025.11.05-2712
- nixos-25.11-small 2025.11.05-2712
- nixpkgs-25.11-darwin 2025.11.05-2712

pkgs.raspberrypi-armstubs

Firmware related ARM stubs for the Raspberry Pi

nixos-unstable 2022-07-11
- nixpkgs-unstable 2022-07-11
- nixos-unstable-small 2022-07-11
nixos-25.11 2022-07-11
- nixos-25.11-small 2022-07-11
- nixpkgs-25.11-darwin 2022-07-11

pkgs.haskellPackages.huckleberry

Haskell IOT on Intel Edison and other Linux computers

nixos-unstable 0.10.0.2
- nixpkgs-unstable 0.10.0.2
- nixos-unstable-small 0.10.0.2
nixos-25.11 0.10.0.2
- nixos-25.11-small 0.10.0.2
- nixpkgs-25.11-darwin 0.10.0.2

pkgs.raspberrypiWirelessFirmware

Firmware for builtin Wifi/Bluetooth devices in the Raspberry Pi 3+ and Zero W

nixos-unstable 0-unstable-2025-04-08
- nixpkgs-unstable 0-unstable-2025-04-08
- nixos-unstable-small 0-unstable-2025-04-08
nixos-25.11 0-unstable-2025-04-08
- nixos-25.11-small 0-unstable-2025-04-08
- nixpkgs-25.11-darwin 0-unstable-2025-04-08

pkgs.python312Packages.strawberry-django

Strawberry GraphQL Django extension

nixos-25.11 0.65.1
- nixos-25.11-small 0.65.1
- nixpkgs-25.11-darwin 0.65.1

pkgs.python313Packages.strawberry-django

Strawberry GraphQL Django extension

nixos-unstable 0.74.1
- nixpkgs-unstable 0.74.1
- nixos-unstable-small 0.74.1
nixos-25.11 0.65.1
- nixos-25.11-small 0.65.1
- nixpkgs-25.11-darwin 0.65.1

pkgs.python312Packages.strawberry-graphql

GraphQL library for Python that leverages type annotations

nixos-25.11 0.278.0
- nixos-25.11-small 0.278.0
- nixpkgs-25.11-darwin 0.278.0

pkgs.python313Packages.strawberry-graphql

GraphQL library for Python that leverages type annotations

nixos-unstable 0.289.2
- nixpkgs-unstable 0.289.2
- nixos-unstable-small 0.289.2
nixos-25.11 0.278.0
- nixos-25.11-small 0.278.0
- nixpkgs-25.11-darwin 0.278.0

pkgs.home-assistant-component-tests.raspberry_pi

Open source home automation that puts local control and privacy first

nixos-25.11 2025.11.3
- nixos-25.11-small 2025.11.3
- nixpkgs-25.11-darwin 2025.11.3

pkgs.tests.home-assistant-component-tests.raspberry_pi

Open source home automation that puts local control and privacy first

nixos-unstable 2026.2.3
- nixpkgs-unstable 2026.2.3
- nixos-unstable-small 2026.2.3

Not present in nixpkgs (berry-lang)

Suggestion detail

References

Affected products

pkgs.berry

pkgs.amiberry

pkgs.blueberry

pkgs.strawberry

pkgs.yarn-berry

pkgs.yarn-berry_3

pkgs.yarn-berry_4

pkgs.raspberrypifw

pkgs.libraspberrypi

pkgs.strawberry-qt6

pkgs.device-tree_rpi

pkgs.raspberrypi-eeprom

pkgs.raspberrypi-armstubs

pkgs.haskellPackages.huckleberry

pkgs.raspberrypiWirelessFirmware

pkgs.python312Packages.strawberry-django

pkgs.python313Packages.strawberry-django

pkgs.python312Packages.strawberry-graphql

pkgs.python313Packages.strawberry-graphql

pkgs.home-assistant-component-tests.raspberry_pi

pkgs.tests.home-assistant-component-tests.raspberry_pi