Vulnerability Description
A vulnerability was determined in YosysHQ yosys up to 0.62. This affects the function Yosys::RTLIL::Const::set of the file kernel/rtlil.h of the component BLIF File Parser. This manipulation causes heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been publicly disclosed and may be utilized. Applying a patch is the recommended action to fix this issue. It appears that the issue is not reproducible all the time.
CVSS Score
LOW
Related Weaknesses (CWE)
References
- https://github.com/YosysHQ/yosys/
- https://github.com/YosysHQ/yosys/issues/5677
- https://github.com/YosysHQ/yosys/pull/5680
- https://github.com/YosysHQ/yosys/pull/5681
- https://github.com/oneafter/0210/blob/main/yo2/repro
- https://vuldb.com/?ctiid.348302
- https://vuldb.com/?id.348302
- https://vuldb.com/?submit.763755
FAQ
What is CVE-2026-3407?
CVE-2026-3407 is a vulnerability with a CVSS score of 3.3 (LOW). A vulnerability was determined in YosysHQ yosys up to 0.62. This affects the function Yosys::RTLIL::Const::set of the file kernel/rtlil.h of the component BLIF File Parser. This manipulation causes he...
How severe is CVE-2026-3407?
CVE-2026-3407 has been rated LOW with a CVSS base score of 3.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-3407?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.