Skip to main content

Doslib CVE-2026-33851

| EUVDEUVD-2026-14754 HIGH
Buffer Overflow (CWE-119)
2026-03-24 GovTech CSG
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
EUVD ID Assigned
Mar 24, 2026 - 06:15 euvd
EUVD-2026-14754
Analysis Generated
Mar 24, 2026 - 06:15 vuln.today
Patch released
Mar 24, 2026 - 06:15 nvd
Patch available
CVE Published
Mar 24, 2026 - 05:48 nvd
HIGH 7.8

DescriptionCVE.org

Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in joncampbell123 doslib.This issue affects doslib: before doslib-20250729.

AnalysisAI

Buffer overflow in doslib versions prior to 20250729 allows local attackers with user interaction to achieve full system compromise including code execution, data theft, and denial of service. The vulnerability requires local access and user interaction to trigger, but once exploited grants complete control over affected systems.

Technical ContextAI

Doslib is a development library by joncampbell123 for creating MS-DOS applications and tools. The affected component is identified via CPE cpe:2.3:a:joncampbell123:doslib:*:*:*:*:*:*:*:*. The vulnerability is rooted in CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), a class of flaws where software performs operations on a memory buffer but can read from or write to a memory location outside the intended boundary. This classic memory safety issue can lead to crashes, data corruption, or arbitrary code execution when an attacker can control the out-of-bounds access.

RemediationAI

Upgrade doslib to version doslib-20250729 or later, which contains the fix for this buffer overflow vulnerability. The patch is available via GitHub pull request at https://github.com/joncampbell123/doslib/pull/65. Organizations using doslib in their development environments should update their toolchains to the patched version. Until patching is completed, exercise caution when processing untrusted input files or data with doslib-based tools, and consider restricting the use of vulnerable versions to trusted data sources only in isolated development environments.

Share

CVE-2026-33851 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy