Description
A vulnerability was determined in YosysHQ yosys up to 0.62. This affects the function Yosys::RTLIL::Const::set of the file kernel/rtlil.h of the component BLIF File Parser. This manipulation causes heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been publicly disclosed and may be utilized. Applying a patch is the recommended action to fix this issue. It appears that the issue is not reproducible all the time.
Published: 2026-03-02
Score: 4.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Heap-based Buffer Overflow
Action: Patch
AI Analysis

Impact

The vulnerability originates in the RTLIL::Const::set function within the BLIF File Parser component, where improperly bounded writes to a heap-allocated buffer can cause a heap-based overflow. This overflow occurs when an attacker supplies a malicious BLIF file that the parser processes. According to the official description, it is possible for local users to trigger the overflow, which may lead to a crash or corruption of program memory. The CVE details do not explicitly claim arbitrary code execution, so any such claim is beyond the stated evidence.

Affected Systems

YosysHQ yosys users running version 0.62 or earlier are affected. The flaw is in Yosys::RTLIL::Const::set (kernel/rtlil.h) and is reached through the BLIF File Parser component. No newer releases or alternative branches have been reported to contain the flaw. Systems that load untrusted BLIF files locally are susceptible.

Risk and Exploitability

The CVSS 4.0 score of 4.8 indicates medium severity, while the EPSS score below 1% suggests a low likelihood of widespread exploitation. The vulnerability is not listed in the CISA KEV catalog. Because the attack vector is local, only users with local filesystem access or attackers who gain a local foothold can exploit it. Nonetheless, since heap overflows can degrade reliability or provide a foothold for more advanced attacks, administrators should treat the patch as a priority.

Generated by OpenCVE AI on April 18, 2026 at 10:10 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Yosys to the patched version released after the fix (e.g., version 0.63 or later).
  • Recompile the project from the updated source repository to ensure the corrected code is present if using a custom build.
  • Limit or quarantine the processing of untrusted BLIF files: run Yosys in a restricted environment or remove BLIF support if not required to reduce the attack surface.

Generated by OpenCVE AI on April 18, 2026 at 10:10 UTC.

Advisories

No advisories yet.

History

Mon, 02 Mar 2026 15:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 02 Mar 2026 12:15:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Yosyshq; Yosyshq yosys
Vendors & Products | | Yosyshq; Yosyshq yosys

Mon, 02 Mar 2026 03:15:00 +0000

Type | Values Removed | Values Added
Description | | A vulnerability was determined in YosysHQ yosys up to 0.62. This affects the function Yosys::RTLIL::Const::set of the file kernel/rtlil.h of the component BLIF File Parser. This manipulation causes heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been publicly disclosed and may be utilized. Applying a patch is the recommended action to fix this issue. It appears that the issue is not reproducible all the time.
Title | | YosysHQ yosys BLIF File rtlil.h set heap-based overflow
Weaknesses | | CWE-119; CWE-122
References | |
Metrics | | cvssV2_0: {'score': 1.7, 'vector': 'AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C'}
 | | cvssV3_0: {'score': 3.3, 'vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C'}
 | | cvssV3_1: {'score': 3.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C'}
 | | cvssV4_0: {'score': 4.8, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-03-02T14:43:12.380Z

Reserved: 2026-03-01T07:03:11.753Z

Link: CVE-2026-3407

Vulnrichment

Updated: 2026-03-02T14:40:30.343Z

NVD

Status: Awaiting Analysis

Published: 2026-03-02T03:16:01.600

Modified: 2026-03-02T20:30:10.923

Link: CVE-2026-3407

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T10:15:25Z

Weaknesses