CVE-2026-3285
Received Received - Intake
Out-of-Bounds Read in berry-lang scan_string Function

Publication date: 2026-02-27

Last updated on: 2026-03-02

Assigner: VulDB

Description
A vulnerability was determined in berry-lang berry up to 1.1.0. The affected element is the function scan_string of the file src/be_lexer.c. This manipulation causes out-of-bounds read. The attack requires local access. The exploit has been publicly disclosed and may be utilized. Patch name: 7149c59a39ba44feca261b12f06089f265fec176. Applying a patch is the recommended action to fix this issue.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-27
Last Modified
2026-03-02
Generated
2026-06-16
AI Q&A
2026-02-27
EPSS Evaluated
2026-06-14
NVD
CVE-2026-3285
EUVD
EUVD-2026-8992
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
berry-lang berry 1.1.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-119 The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
CWE-125 The product reads data past the end, or before the beginning, of the intended buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the berry-lang berry software up to version 1.1.0, specifically in the function scan_string located in the file src/be_lexer.c.

The issue causes an out-of-bounds read, meaning the program reads memory outside the intended boundaries, which can lead to unexpected behavior or information disclosure.

Exploitation requires local access to the system, and the exploit has been publicly disclosed.

Applying the provided patch (identified by commit 7149c59a39ba44feca261b12f06089f265fec176) is recommended to fix this issue.

Impact Analysis

The vulnerability allows an attacker with local access to cause an out-of-bounds read in the berry-lang berry software.

This could potentially lead to information disclosure or program instability, although the impact is limited as the CVSS scores indicate a low severity.

There is no indication of integrity or availability impact, and the attack requires local privileges.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

The recommended immediate step to mitigate this vulnerability is to apply the provided patch named 7149c59a39ba44feca261b12f06089f265fec176.

Since the vulnerability requires local access and involves an out-of-bounds read in the scan_string function of berry-lang berry up to version 1.1.0, applying the patch is the most effective mitigation.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-3285. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart