A vulnerability was found in NASA cFS up to 7.0.0. This affects the function CFE_MSG_GetSize of the file apps/to_lab/fsw/src/to_lab_passthru_encode.c of the component CCSDS Packet Header Handler. Performing a manipulation results in heap-based buffer overflow. The attacker must have access to the local network to execute the attack. The project was informed of the problem early through an issue report but has not responded yet.
References
| Link | Resource |
|---|---|
| https://github.com/nasa/cFS/ | Product |
| https://github.com/nasa/cFS/issues/952 | Issue Tracking |
| https://vuldb.com/submit/781950 | Third Party Advisory VDB Entry |
| https://vuldb.com/vuln/355078 | Third Party Advisory VDB Entry |
| https://vuldb.com/vuln/355078/cti | Permissions Required VDB Entry |
Configurations
History
30 Apr 2026, 21:02
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://github.com/nasa/cFS/ - Product | |
| References | () https://github.com/nasa/cFS/issues/952 - Issue Tracking | |
| References | () https://vuldb.com/submit/781950 - Third Party Advisory, VDB Entry | |
| References | () https://vuldb.com/vuln/355078 - Third Party Advisory, VDB Entry | |
| References | () https://vuldb.com/vuln/355078/cti - Permissions Required, VDB Entry | |
| CPE | cpe:2.3:a:nasa:core_flight_system:*:*:*:*:*:*:*:* | |
| First Time |
Nasa core Flight System
Nasa |
03 Apr 2026, 17:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-04-03 17:16
Updated : 2026-04-30 21:02
NVD link : CVE-2026-5474
Mitre link : CVE-2026-5474
CVE.ORG link : CVE-2026-5474
JSON object : View
Products Affected
nasa
- core_flight_system