{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-0955", "assignerOrgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4", "state": "PUBLISHED", "assignerShortName": "NI", "dateReserved": "2026-01-14T19:16:23.783Z", "datePublished": "2026-03-13T15:07:36.285Z", "dateUpdated": "2026-03-15T01:51:19.093Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4", "shortName": "NI", "dateUpdated": "2026-03-13T15:12:05.756Z"}, "title": "Out-Of-Bounds Read When Opening a Corrupt File in Digilent DASYLab", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-125", "description": "CWE-125 Out-of-bounds read", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-100", "descriptions": [{"lang": "en", "value": "CAPEC-100 Overflow Buffers"}]}], "affected": [{"vendor": "Digilent", "product": "DASYLab", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "*", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "There is a memory corruption vulnerability due to an out-of-bounds read when loading a corrupted file in Digilent DASYLab. \u00a0This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted file. This vulnerability affects all versions of Digilent DASYLab.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>There is a memory corruption vulnerability due to an out-of-bounds read when loading a corrupted file in Digilent DASYLab. &nbsp;This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted file. This vulnerability affects all versions of Digilent DASYLab.</p>"}]}], "references": [{"url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/2026/out-of-bounds-read-vulnerabilities-in-digilent-dasylab.html"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseSeverity": "HIGH", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}}, {"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "PASSIVE", "vulnConfidentialityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subIntegrityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "HIGH", "baseScore": 8.5, "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"}}], "credits": [{"lang": "en", "value": "Rocco Calvi (@TecR0c) with TecSecurity", "type": "finder"}, {"lang": "en", "value": "Trend Micro Zero Day Initiative", "type": "coordinator"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-0955", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-14T03:55:31.114646Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-15T01:51:19.093Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-0955", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-14T03:55:31.114646Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-15T01:50:44.693Z"}}], "cna": {"title": "Out-Of-Bounds Read When Opening a Corrupt File in Digilent DASYLab", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Rocco Calvi (@TecR0c) with TecSecurity"}, {"lang": "en", "type": "coordinator", "value": "Trend Micro Zero Day Initiative"}], "impacts": [{"capecId": "CAPEC-100", "descriptions": [{"lang": "en", "value": "CAPEC-100 Overflow Buffers"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.5, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "PASSIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Digilent", "product": "DASYLab", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "*"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/2026/out-of-bounds-read-vulnerabilities-in-digilent-dasylab.html"}], "x_generator": {"engine": "Vulnogram 1.0.0"}, "descriptions": [{"lang": "en", "value": "There is a memory corruption vulnerability due to an out-of-bounds read when loading a corrupted file in Digilent DASYLab. \u00a0This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted file. This vulnerability affects all versions of Digilent DASYLab.", "supportingMedia": [{"type": "text/html", "value": "<p>There is a memory corruption vulnerability due to an out-of-bounds read when loading a corrupted file in Digilent DASYLab. &nbsp;This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted file. This vulnerability affects all versions of Digilent DASYLab.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-125", "description": "CWE-125 Out-of-bounds read"}]}], "providerMetadata": {"orgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4", "shortName": "NI", "dateUpdated": "2026-03-13T15:12:05.756Z"}}}, "cveMetadata": {"cveId": "CVE-2026-0955", "state": "PUBLISHED", "dateUpdated": "2026-03-15T01:51:19.093Z", "dateReserved": "2026-01-14T19:16:23.783Z", "assignerOrgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4", "datePublished": "2026-03-13T15:07:36.285Z", "assignerShortName": "NI"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ni:dasylab:*:*:*:*:*:*:*:*", "matchCriteriaId": "C82FAA96-B2A6-45B2-B5ED-00E56EAB3274", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "There is a memory corruption vulnerability due to an out-of-bounds read when loading a corrupted file in Digilent DASYLab. \u00a0This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted file. This vulnerability affects all versions of Digilent DASYLab."}, {"lang": "es", "value": "Existe una vulnerabilidad de corrupci\u00f3n de memoria debido a una lectura fuera de l\u00edmites al cargar un archivo corrupto en Digilent DASYLab. Esta vulnerabilidad puede resultar en revelaci\u00f3n de informaci\u00f3n o ejecuci\u00f3n de c\u00f3digo arbitrario. La explotaci\u00f3n exitosa requiere que un atacante consiga que un usuario abra un archivo especialmente dise\u00f1ado. Esta vulnerabilidad afecta a todas las versiones de Digilent DASYLab."}], "id": "CVE-2026-0955", "lastModified": "2026-03-19T17:41:49.907", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "security@ni.com", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.5, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security@ni.com", "type": "Secondary"}]}, "published": "2026-03-13T19:53:57.400", "references": [{"source": "security@ni.com", "tags": ["Vendor Advisory"], "url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/2026/out-of-bounds-read-vulnerabilities-in-digilent-dasylab.html"}], "sourceIdentifier": "security@ni.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "security@ni.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,*]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "DASYLab", "source": "cna", "vendor": "Digilent"}, "product": "dasylab", "vendor": "digilent"}], "analysis": {"en": {"generated_at": "2026-03-19T18:52:00.180569+00:00", "value": {"mitigation_remediation": ["Check the vendor\u2019s website or support portal for a security update or patch for Digilent DASYLab and apply it immediately.", "If a patch is not yet available, restrict the file types and locations from which the user can open files in DASYLab; consider using application whitelisting or sandboxing techniques.", "Apply a least\u2011privilege policy for the user account that runs DASYLab, limiting potential impact if code execution occurs.", "Monitor the system for anomalous behavior such as unexpected memory reads or process injections, and investigate any suspicious activity promptly."], "summary": {"action": "Apply Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "All versions of Digilent DASYLab are affected. The CPE identifier for affected products is cpe:2.3:a:ni:dasylab:*:*:*:*:*:*:*:*. No version\u2011specific exclusions are listed.", "description_and_impact": "A memory corruption vulnerability exists in Digilent DASYLab when a user opens a specially crafted corrupted file. The flaw manifests as an out\u2011of\u2011bounds read (CWE-125), which can lead to information disclosure or arbitrary code execution. The vulnerability arises from improper bounds checking during file parsing, allowing an attacker to read memory beyond the intended buffer.", "risk_and_exploitability": "The CVSS score is 8.5, indicating a high severity. The EPSS score is less than 1%, suggesting the probability of exploitation is low. The vulnerability is not listed in the CISA KEV catalog. Exploitation requires a user to open a malicious file, so the attack vector is local and relies on social engineering. The overall risk is high but the likelihood of real\u2011world exploitation remains low."}}}}, "created": "2026-03-16T09:25:12.985497+00:00", "updated": "2026-03-23T12:02:54.231418+00:00", "vendors": ["digilent", "digilent$PRODUCT$dasylab"]}