Nixpkgs security tracker

Permalink CVE-2026-3407

3.3 LOW

CVSS version: 3.1
Attack vector (AV):
Attack complexity (AC):
Privileges required (PR):
User interaction (UI):
Scope (S):
Confidentiality impact (C):
Integrity impact (I):
Availability impact (A):

created 1 month, 3 weeks ago Activity log

Created suggestion 1 month, 3 weeks ago

YosysHQ yosys BLIF File rtlil.h set heap-based overflow

A vulnerability was determined in YosysHQ yosys up to 0.62. This affects the function Yosys::RTLIL::Const::set of the file kernel/rtlil.h of the component BLIF File Parser. This manipulation causes heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been publicly disclosed and may be utilized. Applying a patch is the recommended action to fix this issue. It appears that the issue is not reproducible all the time.

References

VDB-348302 | YosysHQ yosys BLIF File rtlil.h set heap-based overflow vdb-entrytechnical-description
VDB-348302 | CTI Indicators (IOB, IOC, IOA) signaturepermissions-required
Submit #763755 | YosysHQ yosys 8bbde80 Heap-based Buffer Overflow third-party-advisory
https://github.com/YosysHQ/yosys/issues/5677 issue-tracking
https://github.com/YosysHQ/yosys/pull/5680 patchissue-tracking
https://github.com/oneafter/0210/blob/main/yo2/repro exploit
https://github.com/YosysHQ/yosys/pull/5681 patchissue-tracking
https://github.com/YosysHQ/yosys/ product

Affected products

yosys

==0.11
==0.26
==0.37
==0.18
==0.22
==0.42
==0.61
==0.21
==0.25
==0.29
==0.57
==0.35
==0.8
==0.24
==0.58
==0.47
==0.39
==0.7
==0.34
==0.27
==0.41
==0.60
==0.1
==0.45
==0.13
==0.49
==0.31
==0.59
==0.30
==0.14
==0.36
==0.52
==0.10
==0.4
==0.40
==0.50
==0.51
==0.56
==0.12
==0.33
==0.20
==0.54
==0.16
==0.46
==0.9
==0.55
==0.17
==0.38
==0.3
==0.32
==0.62
==0.23
==0.53
==0.44
==0.43
==0.6
==0.5
==0.28
==0.2
==0.15
==0.48
==0.19

Matching in nixpkgs

pkgs.yosys

Open RTL synthesis framework and tools

nixos-unstable 0.62
- nixpkgs-unstable 0.62
- nixos-unstable-small 0.62
nixos-25.11 0.55
- nixos-25.11-small 0.55
- nixpkgs-25.11-darwin 0.55

pkgs.yosys-ghdl

GHDL plugin for Yosys

nixos-unstable 0-unstable-2025-05-23
- nixpkgs-unstable 0-unstable-2025-05-23
- nixos-unstable-small 0-unstable-2025-05-23
nixos-25.11 0-unstable-2025-05-23
- nixos-25.11-small 0-unstable-2025-05-23
- nixpkgs-25.11-darwin 0-unstable-2025-05-23

pkgs.yosys-synlig

SystemVerilog support plugin for Yosys

nixos-25.11 2024-12-10
- nixos-25.11-small 2024-12-10
- nixpkgs-25.11-darwin 2024-12-10

pkgs.yosys-bluespec

Bluespec plugin for Yosys

nixos-unstable 2021.09.08
- nixpkgs-unstable 2021.09.08
- nixos-unstable-small 2021.09.08
nixos-25.11 2021.09.08
- nixos-25.11-small 2021.09.08
- nixpkgs-25.11-darwin 2021.09.08