Unrated severityNVD Advisory· Published Feb 27, 2026· Updated Feb 27, 2026
berry-lang berry be_lexer.c scan_string out-of-bounds
CVE-2026-3285
Description
A vulnerability was determined in berry-lang berry up to 1.1.0. The affected element is the function scan_string of the file src/be_lexer.c. This manipulation causes out-of-bounds read. The attack requires local access. The exploit has been publicly disclosed and may be utilized. Patch name: 7149c59a39ba44feca261b12f06089f265fec176. Applying a patch is the recommended action to fix this issue.
Affected products
2- Range: <=1.1.0
- berry-lang/berryv5Range: 1.0
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
7- github.com/berry-lang/berry/commit/7149c59a39ba44feca261b12f06089f265fec176mitrepatch
- github.com/berry-lang/berry/pull/511mitreissue-trackingpatch
- github.com/oneafter/0211/blob/main/be/repromitreexploit
- vuldb.commitrethird-party-advisory
- github.com/berry-lang/berry/issues/509mitreissue-tracking
- vuldb.commitresignaturepermissions-required
- vuldb.commitrevdb-entrytechnical-description
News mentions
0No linked articles in our index yet.