CVE-2026-3285
- Source
- https://cve.org/CVERecord?id=CVE-2026-3285
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-3285.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2026-3285
- Published
- 2026-02-27T03:16:03.397Z
- Modified
- 2026-03-03T00:58:04.990542Z
- Severity
-
- 3.3 (Low) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
A vulnerability was determined in berry-lang berry up to 1.1.0. The affected element is the function scanstring of the file src/belexer.c. This manipulation causes out-of-bounds read. The attack requires local access. The exploit has been publicly disclosed and may be utilized. Patch name: 7149c59a39ba44feca261b12f06089f265fec176. Applying a patch is the recommended action to fix this issue.
- References
-
- https://github.com/berry-lang/berry/
- https://github.com/oneafter/0211/blob/main/be/repro
- https://vuldb.com/?ctiid.348014
- https://vuldb.com/?id.348014
- https://vuldb.com/?submit.758872
- https://github.com/berry-lang/berry/issues/509
- https://github.com/berry-lang/berry/commit/7149c59a39ba44feca261b12f06089f265fec176
- https://github.com/berry-lang/berry/pull/511
Affected packages
Git / github.com/berry-lang/berry
Affected ranges
- Type
- GIT
- Repo
- https://github.com/berry-lang/berry
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Database specific
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-3285.json"
vanir_signatures
[
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"function_hash": "171909988789556060815880846552433693707",
"length": 527.0
},
"source": "https://github.com/berry-lang/berry/commit/7149c59a39ba44feca261b12f06089f265fec176",
"signature_type": "Function",
"id": "CVE-2026-3285-0af35d71",
"target": {
"file": "src/be_lexer.c",
"function": "scan_string"
}
},
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"158807579498153835044010150474020024592",
"196127997163451423732466084733066000552",
"326115317715822798537160605998773527020",
"284513134435939560701406010489424611567"
]
},
"source": "https://github.com/berry-lang/berry/commit/7149c59a39ba44feca261b12f06089f265fec176",
"signature_type": "Line",
"id": "CVE-2026-3285-3b3d83b7",
"target": {
"file": "src/be_lexer.c"
}
},
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"200123996703519491286523834886868032691",
"264960970511847308578059668493816500019",
"144918738726185877807504602889873033344",
"106659540769191730938905014706470239641",
"289912598733419863931404018143882904519",
"243748564966822156717794339939290823973",
"30295754120311536244214602692123550702",
"260090756479401332349881312885170561153",
"104401179505788755898332766053001361639",
"47624470960068159401329109252413971309",
"136577907361952520390700692552107287751",
"256707749711657831059748781685047294057"
]
},
"source": "https://github.com/berry-lang/berry/commit/7149c59a39ba44feca261b12f06089f265fec176",
"signature_type": "Line",
"id": "CVE-2026-3285-e638f329",
"target": {
"file": "src/be_strlib.c"
}
},
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"function_hash": "42461745822142710209225595774792749759",
"length": 421.0
},
"source": "https://github.com/berry-lang/berry/commit/7149c59a39ba44feca261b12f06089f265fec176",
"signature_type": "Function",
"id": "CVE-2026-3285-efce2278",
"target": {
"file": "src/be_strlib.c",
"function": "get_mode"
}
}
]