MEDIUM🇬🇧 English

CVE-2026-5474

CVSS 5.3v4.0pub. 2026-04-03upd. 2026-04-30

A vulnerability was found in NASA cFS up to 7.0.0. This affects the function CFE_MSG_GetSize of the file apps/to_lab/fsw/src/to_lab_passthru_encode.c of the component CCSDS Packet Header Handler. Performing a manipulation results in heap-based buffer overflow. The attacker must have access to the local network to execute the attack. The project was informed of the problem early through an issue report but has not responded yet.

oryginał EN
CVSS Vector
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Nasa Core Flight System

    APP
    Nasa
    ≤ 7.0.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Memory
CWE
Referencje

Powiązane podatności

CVE-2025-25373CRITICAL9.8PL ✓ten sam produkt

NASA cFS Aquila — błędne uprawnienia w module zarządzania pamięcią umożliwiają RCE

CVE-2025-25372HIGH7.5ten sam produkt

NASA cFS (Core Flight System) Aquila is vulnerable to segmentation fault via sending a malicious telecommand t...

CVE-2025-25371HIGH7.5ten sam produkt

NASA cFS (Core Flight System) Aquila is vulnerable to path traversal in the OSAL module, allowing the override...

CVE-2025-25374HIGH7.5ten sam produkt

In NASA cFS (Core Flight System) Aquila, it is possible to put the onboard software in a state that will preve...

CVE-2026-5475MEDIUM5.1ten sam produkt

A vulnerability was determined in NASA cFS up to 7.0.0. This impacts the function CFE_SB_TransmitMsg of the fi...

CVE-2026-5474 — MEDIUM 5.3 | CVEbaza.pl