CVE-2026-33851
Deferred Deferred - Pending Action
Improper Memory Buffer Restriction in doslib Causes Potential Overflow

Publication date: 2026-03-24

Last updated on: 2026-05-05

Assigner: Government Technology Agency of Singapore Cyber Security Group (GovTech CSG)

Description
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in joncampbell123 doslib.This issue affects doslib: before doslib-20250729.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-24
Last Modified
2026-05-05
Generated
2026-06-16
AI Q&A
2026-03-24
EPSS Evaluated
2026-06-15
NVD
CVE-2026-33851
EUVD
EUVD-2026-14754
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
joncampbell123 doslib to 20250729 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-119 The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-33851 is a vulnerability in the joncampbell123 doslib project involving improper restriction of operations within the bounds of a memory buffer. Specifically, it relates to cloned functions in the ext/faad component, which is derived from the knik0/faad2 project. The issue is a memory buffer boundary operation error that can lead to buffer overflow risks if exploited.

This vulnerability was addressed by applying a patch from the original faad2 repository that fixes similar issues, ensuring safer handling of cloned functions by enforcing proper memory boundary checks and preventing buffer overflows.

Impact Analysis

Exploitation of this vulnerability could lead to serious security risks including unauthorized access or modification of data, denial of service, or execution of arbitrary code due to buffer overflow. The CVSS score of 7.8 indicates a high severity with potential impacts on confidentiality, integrity, and availability.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

To mitigate this vulnerability, you should update doslib to a version that includes the security fix merged on October 29, 2025. This fix applies patches from the original faad2 project to prevent buffer overflow and improper memory boundary operations.

  • Upgrade doslib to version doslib-20250729 or later.
  • Apply the patch from pull request #65 in the joncampbell123/doslib GitHub repository if upgrading is not immediately possible.
  • Review and test the updated code to ensure proper memory boundary checks are enforced.
Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-33851. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart