YosysHQ yosys: Unpatched Heap Overflow on Local Host

CVE-2026-3407
Summary

A security issue was found in YosysHQ yosys versions up to 0.62. It is a heap-based buffer overflow in the BLIF file parser, in the function Yosys::RTLIL::Const::set of kernel/rtlil.h, and the attack has to be launched on the local host. If exploited, an attacker could potentially gain unauthorized access to your local system. To protect yourself, apply the available patch as soon as possible.

Original title
A vulnerability was determined in YosysHQ yosys up to 0.62. This affects the function Yosys::RTLIL::Const::set of the file kernel/rtlil.h of the component BLIF File Parser. This manipulation causes...
Original description
A vulnerability was determined in YosysHQ yosys up to 0.62. This affects the function Yosys::RTLIL::Const::set of the file kernel/rtlil.h of the component BLIF File Parser. This manipulation causes heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been publicly disclosed and may be utilized. Applying a patch is the recommended action to fix this issue. It appears that the issue is not reproducible all the time.
NVD CVSS 2.0: 1.7
NVD CVSS 3.1: 3.3
NVD CVSS 4.0: 4.8
Vulnerability type
CWE-119 Buffer Overflow
CWE-122 Heap-based Buffer Overflow
Published: 2 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026