{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-33851", "assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "state": "PUBLISHED", "assignerShortName": "GovTech CSG", "dateReserved": "2026-03-24T05:46:40.231Z", "datePublished": "2026-03-24T05:48:17.002Z", "dateUpdated": "2026-03-24T14:17:22.605Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "shortName": "GovTech CSG", "dateUpdated": "2026-03-24T05:48:17.002Z"}, "title": "Improper Restriction of Operations within the Bounds of a Memory Buffer in joncampbell123 doslib", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-119", "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer", "type": "CWE"}]}], "affected": [{"vendor": "joncampbell123", "product": "doslib", "collectionURL": "https://github.com/joncampbell123/doslib", "versions": [{"status": "affected", "version": "0", "lessThan": "doslib-20250729", "versionType": "git"}], "defaultStatus": "affected"}], "descriptions": [{"lang": "en", "value": "Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in joncampbell123 doslib.This issue affects doslib: before doslib-20250729.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in joncampbell123 doslib.<p>This issue affects doslib: before doslib-20250729.</p>"}]}], "references": [{"url": "https://github.com/joncampbell123/doslib/pull/65", "tags": ["patch"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseSeverity": "HIGH", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}}], "credits": [{"lang": "en", "value": "TITAN Team (titancaproject@gmail.com)", "type": "reporter"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-24T14:17:14.808593Z", "id": "CVE-2026-33851", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-24T14:17:22.605Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-33851", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-24T14:17:14.808593Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-24T14:17:19.298Z"}}], "cna": {"title": "Improper Restriction of Operations within the Bounds of a Memory Buffer in joncampbell123 doslib", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "reporter", "value": "TITAN Team (titancaproject@gmail.com)"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "joncampbell123", "product": "doslib", "versions": [{"status": "affected", "version": "0", "lessThan": "doslib-20250729", "versionType": "git"}], "collectionURL": "https://github.com/joncampbell123/doslib", "defaultStatus": "affected"}], "references": [{"url": "https://github.com/joncampbell123/doslib/pull/65", "tags": ["patch"]}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in joncampbell123 doslib.This issue affects doslib: before doslib-20250729.", "supportingMedia": [{"type": "text/html", "value": "Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in joncampbell123 doslib.<p>This issue affects doslib: before doslib-20250729.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-119", "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer"}]}], "providerMetadata": {"orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "shortName": "GovTech CSG", "dateUpdated": "2026-03-24T05:48:17.002Z"}}}, "cveMetadata": {"cveId": "CVE-2026-33851", "state": "PUBLISHED", "dateUpdated": "2026-03-24T14:17:22.605Z", "dateReserved": "2026-03-24T05:46:40.231Z", "assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "datePublished": "2026-03-24T05:48:17.002Z", "assignerShortName": "GovTech CSG"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in joncampbell123 doslib.This issue affects doslib: before doslib-20250729."}, {"lang": "es", "value": "Vulnerabilidad de restricci\u00f3n inadecuada de operaciones dentro de los l\u00edmites de un b\u00fafer de memoria en joncampbell123 doslib. Este problema afecta a doslib: anterior a doslib-20250729."}], "id": "CVE-2026-33851", "lastModified": "2026-05-05T20:38:41.080", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "cve_disclosure@tech.gov.sg", "type": "Secondary"}]}, "published": "2026-03-24T06:16:22.370", "references": [{"source": "cve_disclosure@tech.gov.sg", "url": "https://github.com/joncampbell123/doslib/pull/65"}], "sourceIdentifier": "cve_disclosure@tech.gov.sg", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "cve_disclosure@tech.gov.sg", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,doslib-20250729)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "doslib", "source": "cna", "vendor": "joncampbell123"}, "product": "doslib", "vendor": "joncampbell123"}], "analysis": {"en": {"generated_at": "2026-03-24T07:23:35.472357+00:00", "value": {"mitigation_remediation": ["Upgrade doslib to version 20250729 or later", "If an upgrade cannot be performed immediately, isolate or replace the library usage in the application", "Monitor logs for memory corruption or crash indicators", "Apply any vendor-released patches as soon as they become available"], "summary": {"action": "Immediate Patch", "impact": "Memory buffer overrun leading to potential arbitrary code execution or denial of service"}, "threat_synthesis": {"affected_systems": "Vendors and products affected are joncampbell123: doslib, specifically all releases prior to the 20250729 version. No further patch or version details are provided beyond the cutoff date.", "description_and_impact": "The vulnerability stems from improper bounds checking in the memory handling routines of doslib. This flaw allows an attacker to write or read beyond the intended buffer, potentially corrupting memory or executing arbitrary code. The impact includes compromise of confidentiality, integrity, or availability of the system using the library.", "risk_and_exploitability": "The CVSS score of 7.8 indicates a high severity level. No EPSS score is available, and the vulnerability is not listed in the CISA KEV catalog. While the exact attack vector is not explicitly stated, it is inferred that the flaw could be triggered by malformed input processed by the library, suggesting a potential local or remote exploitation scenario. The lack of immediate public exploit evidence makes the risk moderate-high until a confirmed exploit or patch is released."}}}}, "created": "2026-03-24T10:28:54.862354+00:00", "updated": "2026-03-25T20:39:59.332912+00:00", "vendors": ["joncampbell123", "joncampbell123$PRODUCT$doslib"]}