CVE-2026-3391
Out-of-Bounds Read in FascinatedBox lily clear_storages Function
Publication date: 2026-03-01
Last updated on: 2026-04-29
Assigner: VulDB
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| lily-lang | lily | up to and including 2.3 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer. |
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-3391 is a heap-based out-of-bounds read vulnerability in the FascinatedBox Lily interpreter, specifically in the function clear_storages within the file src/lily_emitter.c.
The vulnerability is caused by an off-by-one error in the iteration loop of clear_storages, which accesses memory just beyond the allocated buffer boundary (128 bytes). This happens when cleaning up storage slots while leaving a lambda block.
This out-of-bounds read can lead to memory corruption or crashes due to improper bounds checking during storage cleanup.
The issue requires local access to exploit and has been publicly disclosed with a proof-of-concept exploit available.
How can this vulnerability impact me?
This vulnerability can cause memory corruption or crashes in the Lily interpreter when exiting lambda blocks, potentially affecting system stability.
Since the exploit requires local access, an attacker with local privileges could trigger the out-of-bounds read to disrupt availability or cause undefined behavior.
The impact is considered low severity with a CVSSv3 base score of 3.3, but it still poses a risk to system availability.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability manifests as an out-of-bounds read in the function clear_storages of the Lily interpreter, causing a heap-buffer-overflow detected by AddressSanitizer (ASAN). Detection involves running Lily compiled with ASAN enabled and observing ASAN reports for read violations at the boundary of the allocated buffer.
To detect the vulnerability on your system, build the Lily interpreter in Release mode with ASAN enabled, then run the provided test file repro.lily, which triggers the overflow.
Suggested detection steps include:
- Compile Lily with Clang in Release mode with AddressSanitizer enabled.
- Run the interpreter with the repro.lily test file to trigger the vulnerability.
- Monitor ASAN output for read violations indicating out-of-bounds access.
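A triage helper for the ASAN output these steps produce, added here as an example and not taken from the Lily project or the advisory: it parses a report and checks for a heap out-of-bounds READ whose top frame is clear_storages in lily_emitter.c. The sample report is constructed; its addresses, access size, line numbers, build paths and the caller frame are placeholders.

```python
import re

# Constructed ASAN report for illustration: addresses, access size, line numbers,
# paths and the caller frame are placeholders, not output from a real Lily build.
SAMPLE_REPORT = """\
==4242==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60c000000140 at pc 0x000000501234 bp 0x7ffc00001000 sp 0x7ffc00000ff8
READ of size 8 at 0x60c000000140 thread T0
    #0 0x501233 in clear_storages /build/lily/src/lily_emitter.c:1:1
    #1 0x502345 in placeholder_caller /build/lily/src/lily_emitter.c:2:1
0x60c000000140 is located 0 bytes after 128-byte region [0x60c0000000c0,0x60c000000140)
allocated by thread T0 here:
    #0 0x4a0000 in malloc (/build/lily/lily+0x4a0000)
"""

HEADER = re.compile(r"ERROR: AddressSanitizer: (\S+) on address (0x[0-9a-f]+)")
ACCESS = re.compile(r"^(READ|WRITE) of size (\d+) at", re.M)
FRAME = re.compile(r"^\s*#(\d+) 0x[0-9a-f]+ in (\S+)(?: (\S+))?", re.M)
# Newer Clang prints "after", older releases print "to the right of".
REGION = re.compile(r"located (\d+) bytes (?:after|to the right of) (\d+)-byte region")

def parse_asan(report):
    """Extract the fields needed for triage from one ASAN report."""
    header, access, region = HEADER.search(report), ACCESS.search(report), REGION.search(report)
    if not (header and access):
        return None
    # Only frames before "allocated by" belong to the faulting access.
    fault_part = report.split("allocated by", 1)[0]
    frames = [(m.group(2), m.group(3) or "") for m in FRAME.finditer(fault_part)]
    return {
        "kind": header.group(1),
        "access": access.group(1),
        "size": int(access.group(2)),
        "frames": frames,
        "offset_past_end": int(region.group(1)) if region else None,
        "region_size": int(region.group(2)) if region else None,
    }

def matches_cve_2026_3391(report):
    """True when the report has the shape the page describes: a heap
    out-of-bounds READ whose top frame is clear_storages in lily_emitter.c."""
    info = parse_asan(report)
    if not info or not info["frames"]:
        return False
    func, location = info["frames"][0]
    return (info["kind"] == "heap-buffer-overflow" and info["access"] == "READ"
            and func == "clear_storages" and "lily_emitter.c" in location)

if __name__ == "__main__":
    print(parse_asan(SAMPLE_REPORT), matches_cve_2026_3391(SAMPLE_REPORT))
```

Requiring clear_storages as the top frame keeps unrelated ASAN findings from the same run out of the match; the parsed region size and offset can then be compared with the 128-byte boundary described above.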
What immediate steps should I take to mitigate this vulnerability?
Currently, no official patches or countermeasures have been provided by the project to mitigate this vulnerability.
Immediate mitigation steps include:
- Restrict local access to the system running the vulnerable Lily interpreter, as exploitation requires local execution.
- Consider using alternative products or versions not affected by this vulnerability.
- Monitor for updates or patches from the project or community.