CVE-2026-3390

LOW SEVERITY

CVSS Score & Metrics

Base Score

3.3 / 10

Vector String

                                        CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L                                    

Vulnerability Description

A vulnerability was identified in FascinatedBox lily up to 2.3. This issue affects the function patch_line_end of the file src/lily_build_error.c of the component Error Reporting. The manipulation leads to out-of-bounds read. The attack can only be performed from a local environment. The exploit is publicly available and might be used. The project was informed of the problem early through an issue report but has not responded yet.

Vulnerability Details

Published Date

March 01, 2026

Last Modified

March 01, 2026

CWE ID

CWE-119

Source

NVD

External References

https://github.com/FascinatedBox/lily/
https://github.com/FascinatedBox/lily/issues/382
https://github.com/oneafter/0122/blob/main/i382/repro.lily
https://vuldb.com/?ctiid.348276
https://vuldb.com/?id.348276
https://vuldb.com/?submit.761326

CVE-2026-3390

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment