Description
There is a memory corruption vulnerability due to an out-of-bounds write when loading a corrupted file in Digilent DASYLab.  This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted file. This vulnerability affects all versions of Digilent DASYLab.
Published: 2026-03-13
Score: 8.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Arbitrary Code Execution
Action: Patch
AI Analysis

Impact

A memory corruption flaw exists in Digilent DASYLab caused by an out-of-bounds write that occurs when the program attempts to load a malformed file. The vulnerability can lead to either information disclosure or arbitrary code execution in the context of the user who opens the compromised file. It is classified as CWE-787, which describes writing data past the end of a buffer.

Affected Systems

All versions of Digilent DASYLab are affected. The product is identified by the CPE string cpe:2.3:a:ni:dasylab:*:*:*:*:*:*:*:* and is distributed by Digilent.

Risk and Exploitability

The CVSS score of 8.5 signifies a high‑severity flaw, while the EPSS score is below 1 %, indicating low exploitation activity. The vulnerability is not listed in the CISA KEV catalog. Exploitation requires an attacker to get a user to open a specially crafted DASYLab file, implying the vector is local and depends on social engineering or compromised file distribution.

Generated by OpenCVE AI on March 19, 2026 at 19:26 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply vendor patch or update to the latest available version of Digilent DASYLab
  • Avoid opening unknown or untrusted ".dsy" files on the system
  • Use file‑integrity checks or antivirus scanning before opening DASYLab files
  • Enable automatic update notifications to receive future security fixes

Generated by OpenCVE AI on March 19, 2026 at 19:26 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 19 Mar 2026 17:45:00 +0000

Type Values Removed Values Added
First Time appeared Ni
Ni dasylab
CPEs cpe:2.3:a:ni:dasylab:*:*:*:*:*:*:*:*
Vendors & Products Ni
Ni dasylab

Mon, 16 Mar 2026 10:15:00 +0000

Type Values Removed Values Added
First Time appeared Digilent
Digilent dasylab
Vendors & Products Digilent
Digilent dasylab

Fri, 13 Mar 2026 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 13 Mar 2026 14:45:00 +0000

Type Values Removed Values Added
Description There is a memory corruption vulnerability due to an out-of-bounds write when loading a corrupted file in Digilent DASYLab.  This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted file. This vulnerability affects all versions of Digilent DASYLab.
Title Out-Of-Bounds Write in Digilent DASYLab
Weaknesses CWE-787
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 8.5, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Digilent Dasylab
Ni Dasylab
cve-icon MITRE

Status: PUBLISHED

Assigner: NI

Published:

Updated: 2026-03-15T01:51:19.224Z

Reserved: 2026-01-14T19:16:25.405Z

Link: CVE-2026-0957

cve-icon Vulnrichment

Updated: 2026-03-13T18:08:30.718Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-13T19:53:57.730

Modified: 2026-03-19T17:39:48.237

Link: CVE-2026-0957

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-23T12:02:55Z

Weaknesses