CVE-2026-3390

Medium CVSS: 4.8

A vulnerability was identified in FascinatedBox lily up to 2.3. This issue affects the function patch_line_end of the file src/lily_build_error.c of the component Error Reporting. The manipulation leads to out-of-bounds read. The attack can only be performed from a local environment. The exploit is publicly available and might be used. The project was informed of the problem early through an issue report but has not responded yet.

Vendor

Lily-lang

Product

Lily

CWE

CWE-119

Yayın Tarihi

2026-03-01 10:16:01

Güncelleme

2026-03-05 01:38:13

Source Identifier

cna@vuldb.com

KEV Date Added

Kategoriler

CWE-119 Lily MEDIUM Lily-lang 2026

Referanslar

https://github.com/FascinatedBox/lily/ https://github.com/FascinatedBox/lily/issues/382 https://github.com/oneafter/0122/blob/main/i382/repro.lily https://vuldb.com/?ctiid.348276 https://vuldb.com/?id.348276 https://vuldb.com/?submit.761326

Benzer Kayıtlar

Medium

CVE-2026-3392

A weakness has been identified in FascinatedBox lily up to 2.3. The affected element is the function eval_tree of the fi…

Medium

CVE-2026-3391

A security flaw has been discovered in FascinatedBox lily up to 2.3. Impacted is the function clear_storages of the file…

Medium

CVE-2026-2662

A weakness has been identified in FascinatedBox lily up to 2.3. This vulnerability affects the function count_transforms…

Medium

CVE-2026-2660

A vulnerability was identified in FascinatedBox lily up to 2.3. Affected by this issue is the function shorthash_for_nam…