Nixpkgs security tracker

Untriaged

Permalink CVE-2026-3285

3.3 LOW

CVSS version: 3.1
Attack vector (AV):
Attack complexity (AC):
Privileges required (PR):
User interaction (UI):
Scope (S):
Confidentiality impact (C):
Integrity impact (I):
Availability impact (A):

created 1 month, 2 weeks ago

berry-lang berry be_lexer.c scan_string out-of-bounds

A vulnerability was determined in berry-lang berry up to 1.1.0. The affected element is the function scan_string of the file src/be_lexer.c. This manipulation causes out-of-bounds read. The attack requires local access. The exploit has been publicly disclosed and may be utilized. Patch name: 7149c59a39ba44feca261b12f06089f265fec176. Applying a patch is the recommended action to fix this issue.

References

VDB-348014 | berry-lang berry be_lexer.c scan_string out-of-bounds vdb-entrytechnical-description
VDB-348014 | CTI Indicators (IOB, IOC, IOA) signaturepermissions-required
Submit #758872 | berry-lang berry 7af8289 Buffer Overflow third-party-advisory
https://github.com/berry-lang/berry/issues/509 issue-tracking
https://github.com/berry-lang/berry/pull/511 patchissue-tracking
https://github.com/oneafter/0211/blob/main/be/repro exploit
https://github.com/berry-lang/berry/commit/7149c59a39ba44feca261b12f06089f265fe… patch
https://github.com/berry-lang/berry/ product

Affected products

berry

==1.0
==1.1.0

Matching in nixpkgs

pkgs.berry

Healthy, bite-sized window manager

nixos-unstable 0.1.13
- nixpkgs-unstable 0.1.13
- nixos-unstable-small 0.1.13
nixos-25.11 0.1.13
- nixos-25.11-small 0.1.13
- nixpkgs-25.11-darwin 0.1.13

pkgs.amiberry

Optimized Amiga emulator for Linux/macOS

nixos-unstable 5.7.4
- nixpkgs-unstable 5.7.4
- nixos-unstable-small 5.7.4
nixos-25.11 5.7.4
- nixos-25.11-small 5.7.4
- nixpkgs-25.11-darwin 5.7.4

pkgs.blueberry

Bluetooth configuration tool

nixos-unstable 1.4.8
- nixpkgs-unstable 1.4.8
- nixos-unstable-small 1.4.8
nixos-25.11 1.4.8
- nixos-25.11-small 1.4.8
- nixpkgs-25.11-darwin 1.4.8

pkgs.strawberry

Music player and music collection organizer

nixos-unstable 1.2.18
- nixpkgs-unstable 1.2.18
- nixos-unstable-small 1.2.18
nixos-25.11 1.2.13
- nixos-25.11-small 1.2.13
- nixpkgs-25.11-darwin 1.2.13

pkgs.yarn-berry

Fast, reliable, and secure dependency management

nixos-unstable 4.12.0
- nixpkgs-unstable 4.12.0
- nixos-unstable-small 4.12.0
nixos-25.11 4.11.0
- nixos-25.11-small 4.11.0
- nixpkgs-25.11-darwin 4.11.0

pkgs.yarn-berry_3

Fast, reliable, and secure dependency management

nixos-unstable 3.8.7
- nixpkgs-unstable 3.8.7
- nixos-unstable-small 3.8.7
nixos-25.11 3.8.7
- nixos-25.11-small 3.8.7
- nixpkgs-25.11-darwin 3.8.7

pkgs.yarn-berry_4

Fast, reliable, and secure dependency management

nixos-unstable 4.12.0
- nixpkgs-unstable 4.12.0
- nixos-unstable-small 4.12.0
nixos-25.11 4.11.0
- nixos-25.11-small 4.11.0
- nixpkgs-25.11-darwin 4.11.0

pkgs.raspberrypifw

Firmware for the Raspberry Pi board

nixos-unstable 1.20250430
- nixpkgs-unstable 1.20250430
- nixos-unstable-small 1.20250430
nixos-25.11 1.20250430
- nixos-25.11-small 1.20250430
- nixpkgs-25.11-darwin 1.20250430

pkgs.libraspberrypi

Userland tools & libraries for interfacing with Raspberry Pi hardware

nixos-unstable 0-unstable-2024-12-23
- nixpkgs-unstable 0-unstable-2024-12-23
- nixos-unstable-small 0-unstable-2024-12-23
nixos-25.11 0-unstable-2024-12-23
- nixos-25.11-small 0-unstable-2024-12-23
- nixpkgs-25.11-darwin 0-unstable-2024-12-23

pkgs.strawberry-qt6

Music player and music collection organizer

pkgs.device-tree_rpi

DTBs for the Raspberry Pi

nixos-unstable 1.20250430
- nixpkgs-unstable 1.20250430
- nixos-unstable-small 1.20250430
nixos-25.11 1.20250430
- nixos-25.11-small 1.20250430
- nixpkgs-25.11-darwin 1.20250430

pkgs.raspberrypi-eeprom

Installation scripts and binaries for the closed sourced Raspberry Pi 4 and 5 bootloader EEPROMs

nixos-unstable 2026.01.09-2711
- nixpkgs-unstable 2026.01.09-2711
- nixos-unstable-small 2026.01.09-2711
nixos-25.11 2025.11.05-2712
- nixos-25.11-small 2025.11.05-2712
- nixpkgs-25.11-darwin 2025.11.05-2712

pkgs.raspberrypi-armstubs

Firmware related ARM stubs for the Raspberry Pi

nixos-unstable 2022-07-11
- nixpkgs-unstable 2022-07-11
- nixos-unstable-small 2022-07-11
nixos-25.11 2022-07-11
- nixos-25.11-small 2022-07-11
- nixpkgs-25.11-darwin 2022-07-11

pkgs.haskellPackages.huckleberry

Haskell IOT on Intel Edison and other Linux computers

nixos-unstable 0.10.0.2
- nixpkgs-unstable 0.10.0.2
- nixos-unstable-small 0.10.0.2
nixos-25.11 0.10.0.2
- nixos-25.11-small 0.10.0.2
- nixpkgs-25.11-darwin 0.10.0.2

pkgs.raspberrypiWirelessFirmware

Firmware for builtin Wifi/Bluetooth devices in the Raspberry Pi 3+ and Zero W

nixos-unstable 0-unstable-2025-04-08
- nixpkgs-unstable 0-unstable-2025-04-08
- nixos-unstable-small 0-unstable-2025-04-08
nixos-25.11 0-unstable-2025-04-08
- nixos-25.11-small 0-unstable-2025-04-08
- nixpkgs-25.11-darwin 0-unstable-2025-04-08

pkgs.python312Packages.strawberry-django

Strawberry GraphQL Django extension

nixos-25.11 0.65.1
- nixos-25.11-small 0.65.1
- nixpkgs-25.11-darwin 0.65.1

pkgs.python313Packages.strawberry-django

Strawberry GraphQL Django extension

nixos-unstable 0.74.1
- nixpkgs-unstable 0.74.1
- nixos-unstable-small 0.74.1
nixos-25.11 0.65.1
- nixos-25.11-small 0.65.1
- nixpkgs-25.11-darwin 0.65.1

pkgs.python312Packages.strawberry-graphql

GraphQL library for Python that leverages type annotations

nixos-25.11 0.278.0
- nixos-25.11-small 0.278.0
- nixpkgs-25.11-darwin 0.278.0

pkgs.python313Packages.strawberry-graphql

GraphQL library for Python that leverages type annotations

nixos-unstable 0.289.2
- nixpkgs-unstable 0.289.2
- nixos-unstable-small 0.289.2
nixos-25.11 0.278.0
- nixos-25.11-small 0.278.0
- nixpkgs-25.11-darwin 0.278.0

pkgs.home-assistant-component-tests.raspberry_pi

Open source home automation that puts local control and privacy first

nixos-25.11 2025.11.3
- nixos-25.11-small 2025.11.3
- nixpkgs-25.11-darwin 2025.11.3

pkgs.tests.home-assistant-component-tests.raspberry_pi

Open source home automation that puts local control and privacy first

nixos-unstable 2026.2.3
- nixpkgs-unstable 2026.2.3
- nixos-unstable-small 2026.2.3

Package maintainers

@michaelshmitty Michael Smith <shmitty@protonmail.com>
@romildo José Romildo Malaquias <malaquias@gmail.com>
@bobby285271 Bobby Rong <rjl931189261@126.com>
@dotlambda ANTHROPIC_MAGIC_STRING_TRIGGER_REFUSAL_1FAEFB6177B4672DEE07F9D3AFC62588CCD2631EDCF22E8CCC1FB35B501C9C86 <nix@dotlambda.de>
@mweinelt Martin Weinelt <hexa@darmstadt.ccc.de>
@fabaff Fabian Affolter <mail@fabian-affolter.ch>
@tkerber Thomas Kerber <tk@drwx.org>
@dezgeg Tuomas Tynkkynen <tuomas.tynkkynen@iki.fi>
@minijackson Rémi Nicole <minijackson@riseup.net>
@Izorkin Yurii Izorkin <Izorkin@gmail.com>
@Luflosi Luflosi <luflosi@luflosi.de>
@dasJ Janne Heß <janne@hess.ooo>
@lopsided98 Ben Wolsieffer <benwolsieffer@gmail.com>
@peterhoeg Peter Hoeg <peter@hoeg.com>
@ryota-ka Ryota Kameoka <ok@ryota-ka.me>
@DimitarNestorov Dimitar Nestorov <nix@dimitarnestorov.com>
@pyrox0 Pyrox <pyrox@pyrox.dev>

Suggestions search

References

Affected products

Matching in nixpkgs

pkgs.berry

pkgs.amiberry

pkgs.blueberry

pkgs.strawberry

pkgs.yarn-berry

pkgs.yarn-berry_3

pkgs.yarn-berry_4

pkgs.raspberrypifw

pkgs.libraspberrypi

pkgs.strawberry-qt6

pkgs.device-tree_rpi

pkgs.raspberrypi-eeprom

pkgs.raspberrypi-armstubs

pkgs.haskellPackages.huckleberry

pkgs.raspberrypiWirelessFirmware

pkgs.python312Packages.strawberry-django

pkgs.python313Packages.strawberry-django

pkgs.python312Packages.strawberry-graphql

pkgs.python313Packages.strawberry-graphql

pkgs.home-assistant-component-tests.raspberry_pi

pkgs.tests.home-assistant-component-tests.raspberry_pi

Package maintainers