Description
A vulnerability was found in NASA cFS up to 7.0.0. This affects the function CFE_MSG_GetSize of the file apps/to_lab/fsw/src/to_lab_passthru_encode.c of the component CCSDS Packet Header Handler. Performing a manipulation results in heap-based buffer overflow. The attacker must have access to the local network to execute the attack. The project was informed of the problem early through an issue report but has not responded yet.
Published: 2026-04-03
Score: 5.3 Medium
EPSS: n/a
KEV: No
Impact: Heap‑based buffer overflow leading to memory corruption and the risk of crash or arbitrary code execution
Action: Apply Patch
AI Analysis

Impact

The vulnerability resides in the CFE_MSG_GetSize function within the to_lab_passthru_encode.c source of the CCSDS Packet Header Handler component in NASA's Core Flight System. An attacker can craft malformed input over the local network to trigger a heap‑based buffer overflow. The overflow can corrupt adjacent memory, potentially causing a crash or allowing arbitrary code execution on the host. This weakness aligns with CWE‑119 and CWE‑122 and represents a classic memory corruption flaw.

Affected Systems

Affected systems include NASA’s cFS software up to and including version 7.0.0. The vulnerability manifests in the to_lab_passthru_encode component, which is part of the overall cFS application set used in many satellite flight software scenarios. Users running non‑patched versions of cFS in any environment that permits local network interaction are subject to this risk.

Risk and Exploitability

The CVSS score of 5.3 indicates a moderate severity level, and the EPSS rating is not available, suggesting no publicly documented exploitation attempts yet. KEV listing is absent, so there is no confirmation of widespread exploitation. The required local network access limits the attack surface to internal or compromised nodes; however, once inside, the attacker could destabilize the flight software or potentially take control if the overflow is successfully leveraged. As such, the risk remains moderate but requires timely mitigation, especially for mission‑critical deployments.

Generated by OpenCVE AI on April 3, 2026 at 20:36 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Verify current cFS version and download the latest release that resolves the heap overflow.
  • Apply the vendor’s patch or upgrade to the patched cFS version.
  • Restrict local network communication to authorized ground‑control systems and apply network segmentation.
  • Monitor flight logs for abnormal packet handling or crashes that could indicate exploitation attempts.
  • If no patch is immediately available, review the CFE_MSG_GetSize code to add bounds checking or use safe libraries as a temporary mitigation until an official fix is released.
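The bounds check that the last recommendation calls for, as an added example that is not cFS code and not the project's fix. It assumes the standard CCSDS primary header (6 bytes, with a 16-bit length field holding the total packet size minus 7); `ccsds_declared_size`, `checked_packet_copy` and `demo_copy` are hypothetical names, and the packet bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CCSDS_PRI_HDR_LEN 6u /* CCSDS primary header size in bytes */

/* Hypothetical helper, not a cFS API: total size the packet declares.
 * Header bytes 4-5 are a big-endian length field = total size minus 7. */
static size_t ccsds_declared_size(const uint8_t *hdr)
{
    return (size_t)(((unsigned)hdr[4] << 8) | hdr[5]) + 7u;
}

/* Hypothetical hardened copy: returns bytes copied, or -1 when rejected. */
int checked_packet_copy(uint8_t *dst, size_t dst_cap,
                        const uint8_t *src, size_t src_len)
{
    size_t declared;

    if (dst == NULL || src == NULL || src_len < CCSDS_PRI_HDR_LEN)
        return -1;              /* not enough bytes to read a header */
    declared = ccsds_declared_size(src);
    if (declared > src_len)     /* header claims more than was received */
        return -1;
    if (declared > dst_cap)     /* copy would run past the destination */
        return -1;
    memcpy(dst, src, declared);
    return (int)declared;
}

/* Constructed sample: an 8-byte packet whose length field is len_field. */
int demo_copy(uint16_t len_field, size_t dst_cap)
{
    uint8_t pkt[8] = {0x08, 0x80, 0xC0, 0x00, 0x00, 0x00, 0xAA, 0xBB};
    uint8_t dst[16];

    pkt[4] = (uint8_t)(len_field >> 8);
    pkt[5] = (uint8_t)(len_field & 0xFFu);
    return checked_packet_copy(dst, dst_cap, pkt, sizeof pkt);
}

int main(void)
{
    printf("consistent: %d\n", demo_copy(1, 16));
    printf("oversized length field: %d\n", demo_copy(0xFFFF, 16));
    printf("small destination: %d\n", demo_copy(1, 4));
    return 0;
}
```

The size taken from the header is checked against both the bytes actually received and the destination capacity before it is used as a copy length.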

Advisories

No advisories yet.

History

Fri, 03 Apr 2026 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 03 Apr 2026 17:45:00 +0000

Type Values Removed Values Added
Description A vulnerability was found in NASA cFS up to 7.0.0. This affects the function CFE_MSG_GetSize of the file apps/to_lab/fsw/src/to_lab_passthru_encode.c of the component CCSDS Packet Header Handler. Performing a manipulation results in heap-based buffer overflow. The attacker must have access to the local network to execute the attack. The project was informed of the problem early through an issue report but has not responded yet.
Title NASA cFS CCSDS Packet Header to_lab_passthru_encode.c CFE_MSG_GetSize heap-based overflow
First Time appeared Nasa
Nasa cfs
Weaknesses CWE-119
CWE-122
CPEs cpe:2.3:a:nasa:cfs:*:*:*:*:*:*:*:*
Vendors & Products Nasa
Nasa cfs
References
Metrics cvssV2_0

{'score': 5.8, 'vector': 'AV:A/AC:L/Au:N/C:P/I:P/A:P/E:ND/RL:ND/RC:UR'}

cvssV3_0

{'score': 6.3, 'vector': 'CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:R'}

cvssV3_1

{'score': 6.3, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:R'}

cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-04-03T20:02:13.494Z

Reserved: 2026-04-03T07:51:17.409Z

Link: CVE-2026-5474

Vulnrichment

Updated: 2026-04-03T20:02:09.314Z

NVD

Status: Received

Published: 2026-04-03T17:16:54.450

Modified: 2026-04-03T17:16:54.450

Link: CVE-2026-5474

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-03T21:15:05Z

Weaknesses