CVE-2026-3407
Heap-Based Buffer Overflow in Yosys BLIF File Parser
Publication date: 2026-03-02
Last updated on: 2026-04-29
Assigner: VulDB
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| yosyshq | yosys | up to and including 0.62 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
| CWE-122 | A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc(). |
AI Powered Q&A
How can this vulnerability impact me?
This vulnerability can lead to a heap-based buffer overflow, which may cause the Yosys software to crash or behave unpredictably.
Since the overflow is triggered by parsing crafted BLIF files, an attacker with local access could exploit this to potentially disrupt the availability of the software.
The CVSS scores indicate a low severity impact, primarily affecting availability, with no direct impact on confidentiality or integrity.
Can you explain this vulnerability to me?
CVE-2026-3407 is a heap-based buffer overflow vulnerability in the YosysHQ yosys software, specifically in the function Yosys::RTLIL::Const::set within the BLIF File Parser component.
The vulnerability occurs when parsing a specially crafted BLIF file, causing an out-of-bounds write of one byte immediately after a 1024-byte allocated buffer. This happens due to improper bounds checking or indexing logic in the bit-setting operation of the constant during BLIF parsing.
The issue can be triggered locally and has been confirmed by the vendor, who released a patch fixing the bounds checking to prevent the overflow.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by running Yosys with AddressSanitizer (ASAN) enabled and using a specially crafted BLIF file to trigger the heap-based buffer overflow.
A specific command to reproduce the issue is: `./yosys -p "read_blif repro"` where "repro" is a crafted BLIF file designed to trigger the vulnerability.
Detection involves monitoring for heap-buffer-overflow errors reported by ASAN during the parsing of BLIF files, which indicates the presence of the vulnerability. [1, 7]
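A triage helper for the ASAN-based check described above, as an added example that is not from the advisory or the Yosys project: it classifies ASAN output by the traits this entry names (a 1-byte heap write with `Yosys::RTLIL::Const::set` on the stack). The `YOSYS` variable, the function names and the sample log are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory or the Yosys project).
# Assumption: $YOSYS points at an AddressSanitizer-instrumented yosys build.
YOSYS="${YOSYS:-./yosys}"

# Constructed sample of an ASan report with the traits the advisory describes;
# addresses and frame details are placeholders, not real output.
sample_asan_log() {
cat <<'EOF'
==1==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x000000000400 at pc 0x000000000000
WRITE of size 1 at 0x000000000400 thread T0
    #0 0x000000000000 in Yosys::RTLIL::Const::set(...) <constructed frame>
0x000000000400 is located 0 bytes after 1024-byte region [0x000000000000,0x000000000400)
EOF
}

# Classify an ASan log file: prints "match" (1-byte heap write overflow with
# Yosys::RTLIL::Const::set on the stack), "other" (a different
# heap-buffer-overflow), or "clean" (no heap-buffer-overflow report).
classify_asan_log() {
    grep -q 'AddressSanitizer: heap-buffer-overflow' "$1" || { echo clean; return 0; }
    if grep -q '^WRITE of size 1 ' "$1" && grep -q 'Yosys::RTLIL::Const::set' "$1"; then
        echo match
    else
        echo other
    fi
}

# Run read_blif on each file and print "<class><TAB><file>".
# Names with characters that yosys would treat as script syntax (space, ';',
# quotes, ...) are skipped rather than passed into the -p command string.
scan_blif_files() {
    for f in "$@"; do
        case "$f" in
            *[!A-Za-z0-9._/-]*|-*) printf 'skipped\t%s\n' "$f"; continue ;;
        esac
        log=$(mktemp) || return 1
        "$YOSYS" -q -p "read_blif $f" >/dev/null 2>"$log" || true
        printf '%s\t%s\n' "$(classify_asan_log "$log")" "$f"
        rm -f "$log"
    done
}
```

Run `scan_blif_files` over BLIF inputs; an `other` result is still a memory-safety report worth investigating, just not one with this entry's signature.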
What immediate steps should I take to mitigate this vulnerability?
The recommended immediate step to mitigate this vulnerability is to apply the patch provided by the vendor that fixes the out-of-bounds write by adding proper bounds checking in the BLIF parser.
The patch addressing this issue was merged into the main branch on February 18, 2026, as part of Pull Request #5681, which ensures input boundaries are properly validated.
Until the patch is applied, avoid processing untrusted or specially crafted BLIF files that could trigger the heap overflow.