CVE-2026-33851
Improper Memory Buffer Restriction in doslib Causes Potential Overflow
Publication date: 2026-03-24
Last updated on: 2026-05-05
Assigner: Government Technology Agency of Singapore Cyber Security Group (GovTech CSG)
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| joncampbell123 | doslib | before 20250729 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-33851 is a vulnerability in the joncampbell123 doslib project involving improper restriction of operations within the bounds of a memory buffer. Specifically, it relates to cloned functions in the ext/faad component, which is derived from the knik0/faad2 project. The issue is an error in memory buffer boundary handling that can lead to a buffer overflow if exploited.
This vulnerability was addressed by applying a patch from the original faad2 repository that fixes similar issues, ensuring safer handling of cloned functions by enforcing proper memory boundary checks and preventing buffer overflows.
How can this vulnerability impact me?
Exploitation of this vulnerability could lead to serious security risks including unauthorized access or modification of data, denial of service, or execution of arbitrary code due to buffer overflow. The CVSS score of 7.8 indicates a high severity with potential impacts on confidentiality, integrity, and availability.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should update doslib to a version that includes the security fix merged on October 29, 2025. This fix applies patches from the original faad2 project to prevent buffer overflow and improper memory boundary operations.
- Upgrade doslib to version doslib-20250729 or later.
- Apply the patch from pull request #65 in the joncampbell123/doslib GitHub repository if upgrading is not immediately possible.
- Review and test the updated code to ensure proper memory boundary checks are enforced.