YosysHQ Yosys Heap-Based Buffer Overflow Vulnerability in BLIF File Parser
Vulnerability
A heap-based buffer overflow has been identified in YosysHQ Yosys versions through 0.62. The defect is in the BLIF file parser, specifically in the Yosys::RTLIL::Const::set function in kernel/rtlil.h, which the parser reaches while reading a BLIF file. It is triggered locally by parsing a crafted BLIF file and results in an out-of-bounds memory access, so the exposure is any workflow in which Yosys processes BLIF files of untrusted origin, for example a shared synthesis flow or a CI job that accepts user-submitted netlists. The vulnerability has been publicly disclosed and a triggering input is known to exist.
Impact
Exploitation causes a heap-based buffer overflow, which corrupts adjacent heap memory and can potentially allow arbitrary code execution. In an uninstrumented (non-ASan) build the observable effect is typically a crash or silent corruption of neighbouring heap data; the advisory rates code execution as a possibility rather than a demonstrated outcome, and reaching it would depend on heap layout and on how much of the out-of-bounds access the crafted file controls.
Reproduction
The vulnerability can be reproduced by building Yosys with release optimization and AddressSanitizer (ASan) enabled, then running the resulting binary with the read_blif command on a crafted BLIF file that triggers the overflow. ASan reports a heap-buffer-overflow; its stack trace should point at Yosys::RTLIL::Const::set in kernel/rtlil.h, which is how to confirm that the hit is this issue rather than a different parser bug. The run can be automated with a simple synthesis script, either a .ys file passed to yosys with -s or the read_blif command passed directly with -p.
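The build-and-run procedure above, as an added shell harness that is not part of the advisory or of the Yosys project. It assumes a Yosys checkout built with the Makefile's SANITIZER variable (`make config-clang && make SANITIZER=address`), the resulting binary in `$YOSYS` (default `./yosys`), and BLIF inputs supplied by the caller; it does not contain a triggering file. The ASan log it ships with is a constructed sample with illustrative addresses and an abbreviated frame, used only so the classifier can be checked without a built yosys.

```shell
#!/bin/sh
# Added example harness, not from the advisory or the Yosys project.
# Assumptions: a Yosys tree built with `make config-clang && make SANITIZER=address`
# (the Makefile's SANITIZER variable), the binary path in $YOSYS, and BLIF
# inputs supplied by the caller. No triggering file is included here.

YOSYS="${YOSYS:-./yosys}"

# Feed one BLIF file to read_blif under ASan, capturing all output in $2.
# halt_on_error=1 makes the first report fatal so the log holds exactly one
# finding; detect_leaks=0 keeps LeakSanitizer noise out of the verdict.
run_blif() {
    file="$1"
    log="$2"
    ASAN_OPTIONS="${ASAN_OPTIONS:-halt_on_error=1:detect_leaks=0}" \
        "$YOSYS" -q -p "read_blif $file" >"$log" 2>&1
}

# Classify a captured log. The parser's own rejections start with "ERROR:"
# and are the expected, safe outcome for malformed input; only an
# AddressSanitizer report means the parser reached unsafe memory.
classify_log() {
    if grep -q 'AddressSanitizer: heap-buffer-overflow' "$1"; then
        echo heap-overflow
    elif grep -q 'AddressSanitizer:' "$1"; then
        echo asan-other
    elif grep -q '^ERROR:' "$1"; then
        echo parse-error
    else
        echo clean
    fi
}

# First stack frame of the ASan report (faulting function and file), used to
# confirm the hit is the advisory's sink rather than some other bug.
top_frame() {
    grep '^ *#0 ' "$1" | head -n 1 | sed 's/^ *#0 *//'
}

# Constructed sample of an ASan report (addresses and the frame text are
# illustrative, not captured from a real run) so the classifier can be
# exercised without a built yosys.
sample_asan_log() {
    cat >"$1" <<'EOF'
==4242==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000000014 at pc 0x000000400b8c bp 0x7ffd1d2c sp 0x7ffd1d20
WRITE of size 1 at 0x602000000014 thread T0
    #0 0x400b8b in Yosys::RTLIL::Const::set(...) kernel/rtlil.h
0x602000000014 is located 0 bytes after 20-byte region [0x602000000000,0x602000000014)
EOF
}

# Triage every .blif in a directory. Returns non-zero if any input reached
# an ASan-detected fault, which is what a CI gate should fail on.
triage_dir() {
    hits=0
    for f in "$1"/*.blif; do
        [ -e "$f" ] || continue
        log="${f%.blif}.asan.log"
        run_blif "$f" "$log" || true   # a sanitizer abort is a result, not a harness error
        verdict=$(classify_log "$log")
        echo "$f: $verdict"
        if [ "$verdict" = heap-overflow ]; then
            echo "  sink: $(top_frame "$log")"
            hits=$((hits + 1))
        fi
    done
    [ "$hits" -eq 0 ]
}

# Usage: sh blif_asan_triage.sh <directory-of-blif-files>
[ "$#" -eq 0 ] || triage_dir "$1"
```

Parser rejections ("ERROR:" lines) are deliberately kept distinct from sanitizer hits: a fuzzing or regression run over malformed BLIF will produce many of the former, and only the latter indicate that the parser touched memory it should not have. Pointing `$YOSYS` at a patched build and re-running the same directory is the quickest way to confirm the fix.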
Remediation
Yosys maintainers have merged pull requests that address this vulnerability. Upgrade to a release after 0.62 that contains the fix, or build from the Yosys GitHub repository at a commit that includes the merged pull requests, and confirm the fix by re-running the crafted file through an ASan-instrumented build of the patched version. Until a patched build is deployed, treat BLIF files from untrusted sources as hostile and keep them out of automated synthesis flows.
