Description
There is a memory corruption vulnerability due to an out-of-bounds read when loading a corrupted file in Digilent DASYLab. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted file. This vulnerability affects all versions of Digilent DASYLab.
Published: 2026-03-13
Score: 8.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Information Disclosure / Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

The vulnerability is an out-of-bounds read that occurs when Digilent DASYLab parses a corrupted project file. The memory corruption can expose sensitive data and, as the description states, may lead to arbitrary code execution. The weakness is classified as CWE-125 (Out-of-bounds Read): the parser reads memory outside the bounds of the intended buffer.

Affected Systems

All released versions of Digilent DASYLab are affected. The affected product is listed by the CNA as Digilent:DASYLab and is represented by the CPE string cpe:2.3:a:ni:dasylab:*:*:*:*:*:*:*:*.

Risk and Exploitability

The CVSS score of 8.5 classifies the vulnerability as High severity. The EPSS score is reported as less than 1%, suggesting a low probability of widespread exploitation at present. The vulnerability is not included in the CISA KEV catalog. Exploitation requires a victim to open a specially crafted file, so the attack depends on user interaction. No public exploits are known, but the low exploitation likelihood does not lessen the need for prompt mitigation, because a successful attack could lead to information disclosure or code execution.

Generated by OpenCVE AI on March 19, 2026 at 18:26 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Download and install the latest DASYLab security update from the vendor’s website (see provided reference).
  • If patching is not immediately possible, avoid opening or importing unknown or untrusted DASYLab project files. Treat such files as potentially malicious and keep them isolated.
  • Keep the operating system and antivirus software up to date, and monitor the vendor’s security advisories for any additional patches or workarounds.

Advisories

No advisories yet.

History

Thu, 19 Mar 2026 17:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Ni; Ni dasylab |
| CPEs | | cpe:2.3:a:ni:dasylab:*:*:*:*:*:*:*:* |
| Vendors & Products | | Ni; Ni dasylab |

Mon, 16 Mar 2026 10:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Digilent; Digilent dasylab |
| Vendors & Products | | Digilent; Digilent dasylab |

Sun, 15 Mar 2026 02:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'} |


Fri, 13 Mar 2026 15:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | There is a memory corruption vulnerability due to an out-of-bounds read when loading a corrupted file in Digilent DASYLab. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted file. This vulnerability affects all versions of Digilent DASYLab. |
| Title | | Out-Of-Bounds Read in Digilent DASYLab |
| Weaknesses | | CWE-125 |
| References | | |
| Metrics | | cvssV3_1: {'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}; cvssV4_0: {'score': 8.5, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'} |


MITRE

Status: PUBLISHED

Assigner: NI

Published:

Updated: 2026-03-15T01:51:18.956Z

Reserved: 2026-01-14T19:16:24.636Z

Link: CVE-2026-0956

Vulnrichment

Updated: 2026-03-15T01:50:43.263Z

NVD

Status: Analyzed

Published: 2026-03-13T19:53:57.563

Modified: 2026-03-19T17:41:09.590

Link: CVE-2026-0956

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-23T12:02:53Z

Weaknesses