Description
A vulnerability was identified in NASA cFS up to 7.0.0 on 32-bit. Affected is the function CFE_TBL_ValidateCodecLoadSize of the file cfe/modules/tbl/fsw/src/cfe_tbl_passthru_codec.c. The manipulation leads to integer overflow. The complexity of an attack is rather high. The exploitability is told to be difficult. A fix is planned for the upcoming version milestone of the project.
Published: 2026-04-03
Score: 2.1 Low
EPSS: n/a
KEV: No
Impact: Integer Overflow in Table Validation Function
Action: Patch Later
AI Analysis

Impact

A vulnerability in NASA cFS up to version 7.0.0 on 32‑bit platforms allows an attacker to cause an integer overflow in the CFE_TBL_ValidateCodecLoadSize function used by the passthru codec module. This overflow can lead to memory corruption or denial‑of‑service conditions if crafted input is processed, potentially affecting system integrity or availability.

Affected Systems

The affected product is NASA Corporate Flight System (cFS). Versions up to 7.0.0 on 32‑bit architectures are impacted, while newer releases are not yet affected.

Risk and Exploitability

The CVSS score is 2.1 indicating low severity. No EPSS score is available, and the vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog. The attack requires crafting specific input to trigger the overflow, and the description indicates a high complexity and difficult exploitation, implying a limited risk in typical use.

Generated by OpenCVE AI on April 3, 2026 at 20:35 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Determine the current cFS version in use
  • Monitor the NASA cFS project for the planned patch release
  • Upgrade to the patched cFS release when it becomes available

Generated by OpenCVE AI on April 3, 2026 at 20:35 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 03 Apr 2026 17:45:00 +0000

Type Values Removed Values Added
Description A vulnerability was identified in NASA cFS up to 7.0.0 on 32-bit. Affected is the function CFE_TBL_ValidateCodecLoadSize of the file cfe/modules/tbl/fsw/src/cfe_tbl_passthru_codec.c. The manipulation leads to integer overflow. The complexity of an attack is rather high. The exploitability is told to be difficult. A fix is planned for the upcoming version milestone of the project.
Title NASA cFS cfe_tbl_passthru_codec.c CFE_TBL_ValidateCodecLoadSize integer overflow
First Time appeared Nasa
Nasa cfs
Weaknesses CWE-189
CWE-190
CPEs cpe:2.3:a:nasa:cfs:*:*:*:*:*:*:*:*
Vendors & Products Nasa
Nasa cfs
References
Metrics cvssV2_0

{'score': 4, 'vector': 'AV:A/AC:H/Au:S/C:P/I:P/A:P/E:ND/RL:ND/RC:UR'}

cvssV3_0

{'score': 4.6, 'vector': 'CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:R'}

cvssV3_1

{'score': 4.6, 'vector': 'CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:R'}

cvssV4_0

{'score': 2.1, 'vector': 'CVSS:4.0/AV:A/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X'}

Subscriptions

Nasa Cfs
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-04-03T17:30:12.629Z

Reserved: 2026-04-03T07:51:24.742Z

Link: CVE-2026-5476

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-04-03T18:16:26.687

Modified: 2026-04-03T18:16:26.687

Link: CVE-2026-5476

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-03T21:15:02Z

Weaknesses