Description
There is a memory corruption vulnerability due to an out-of-bounds read when loading a corrupted file in Digilent DASYLab.  This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted file. This vulnerability affects all versions of Digilent DASYLab.
Published: 2026-03-13
Score: 8.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Apply Patch
AI Analysis

Impact

A memory corruption vulnerability exists in Digilent DASYLab when a user opens a specially crafted corrupted file. The flaw manifests as an out‑of‑bounds read (CWE-125), which can lead to information disclosure or arbitrary code execution. The vulnerability arises from improper bounds checking during file parsing, allowing an attacker to read memory beyond the intended buffer.

Affected Systems

All versions of Digilent DASYLab are affected. The CPE identifier for affected products is cpe:2.3:a:ni:dasylab:*:*:*:*:*:*:*:*. No version‑specific exclusions are listed.

Risk and Exploitability

The CVSS score is 8.5, indicating a high severity. The EPSS score is less than 1%, suggesting the probability of exploitation is low. The vulnerability is not listed in the CISA KEV catalog. Exploitation requires a user to open a malicious file, so the attack vector is local and relies on social engineering. The overall risk is high but the likelihood of real‑world exploitation remains low.

Generated by OpenCVE AI on March 19, 2026 at 18:52 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check the vendor’s website or support portal for a security update or patch for Digilent DASYLab and apply it immediately.
  • If a patch is not yet available, restrict the file types and locations from which the user can open files in DASYLab; consider using application whitelisting or sandboxing techniques.
  • Apply a least‑privilege policy for the user account that runs DASYLab, limiting potential impact if code execution occurs.
  • Monitor the system for anomalous behavior such as unexpected memory reads or process injections, and investigate any suspicious activity promptly.

Generated by OpenCVE AI on March 19, 2026 at 18:52 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 19 Mar 2026 17:45:00 +0000

Type Values Removed Values Added
First Time appeared Ni
Ni dasylab
CPEs cpe:2.3:a:ni:dasylab:*:*:*:*:*:*:*:*
Vendors & Products Ni
Ni dasylab

Mon, 16 Mar 2026 10:15:00 +0000

Type Values Removed Values Added
First Time appeared Digilent
Digilent dasylab
Vendors & Products Digilent
Digilent dasylab

Sun, 15 Mar 2026 02:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 13 Mar 2026 15:30:00 +0000

Type Values Removed Values Added
Description There is a memory corruption vulnerability due to an out-of-bounds read when loading a corrupted file in Digilent DASYLab.  This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted file. This vulnerability affects all versions of Digilent DASYLab.
Title Out-Of-Bounds Read When Opening a Corrupt File in Digilent DASYLab
Weaknesses CWE-125
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 8.5, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Digilent Dasylab
Ni Dasylab
cve-icon MITRE

Status: PUBLISHED

Assigner: NI

Published:

Updated: 2026-03-15T01:51:19.093Z

Reserved: 2026-01-14T19:16:23.783Z

Link: CVE-2026-0955

cve-icon Vulnrichment

Updated: 2026-03-15T01:50:44.693Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-13T19:53:57.400

Modified: 2026-03-19T17:41:49.907

Link: CVE-2026-0955

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-23T12:02:54Z

Weaknesses