CVE-2026-3407 PUBLISHED

A vulnerability was determined in YosysHQ yosys up to 0.62. This affects the function Yosys::RTLIL::Const::set of the file kernel/rtlil.h of the component BLIF File Parser. This manipulation causes heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been publicly disclosed and may be utilized. Applying a patch is the recommended action to fix this issue. It appears that the issue is not reproducible all the time.

• Oneafter (VulDB User) reporter

• VDB-348302 | YosysHQ yosys BLIF File rtlil.h set heap-based overflow
• VDB-348302 | CTI Indicators (IOB, IOC, IOA)
• Submit #763755 | YosysHQ yosys 8bbde80 Heap-based Buffer Overflow
• https://github.com/YosysHQ/yosys/issues/5677
• https://github.com/YosysHQ/yosys/pull/5680
• https://github.com/oneafter/0210/blob/main/yo2/repro
• https://github.com/YosysHQ/yosys/pull/5681
• https://github.com/YosysHQ/yosys/

• Heap-based Buffer Overflow CWE
• Memory Corruption CWE