8 matches found
CVE-2025-25372
CVE-2025-25372 affects NASA cFS (Core Flight System) Aquila. A malicious telecommand can trigger a segmentation fault in the Memory Management Module, potentially causing memory corruption and availability impact. The NVD entry lists CVSSv3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (base 7.5, HIGH)....
CVE-2025-25374
Technical details about CVE-2025-25374 are not publicly available in the provided connected documents. Monitor for updates if more specifics on affected products, impact, and fixes are released.
CVE-2025-25371
CVE-2025-25371 affects NASA cFS Core Flight System Aquila OSAL module, with a path traversal vulnerability that can override arbitrary files. The impact is confidentiality loss (C:H) per CVSS, but exploitation details are not provided in the connected documents. No remediation details are present...
CVE-2025-25373
The CVE-2025-25373 entry concerns the Memory Management Module of NASA cFS (Core Flight System) Aquila, which has insecure permissions that can be exploited to achieve remote code execution on the platform. The vulnerability impacts the Aquila component and its memory management functions as desc...
CVE-2026-5474
CVE-2026-5474 affects NASA cFS up to 7.0.0. The vulnerability is in CFE_MSG_GetSize (file apps/to_lab/fsw/src/to_lab_passthru_encode.c, CCSDS Packet Header Handler) and results in a heap-based buffer overflow when manipulated. Exploitation requires local network access. Multiple sources (NVD, Red...
CVE-2026-5473
CVE-2026-5473 affects NASA cFS (up to 7.0.0). The vulnerable element is the Pickle Module’s pickle.load, enabling deserialization. The attack is local, requires a high level of complexity, and exploitation is deemed difficult. Public disclosure exists, and the project was informed via an issue bu...
CVE-2026-5476
CVE-2026-5476 affects NASA cFS up to 7.0.0 on 32-bit. The vulnerability is in CFE_TBL_ValidateCodecLoadSize (cfe/modules/tbl/fsw/src/cfe_tbl_passthru_codec.c) and is caused by an integer overflow. The documented attack complexity is high and exploitability is described as difficult. A fix is plan...
CVE-2026-5475
NASA cFS up to 7.0.0 contains a memory corruption vulnerability in the CCSDS Header Size Handler. The affected function is CFE_SB_TransmitMsg in cfe_sb_priv.c, within the CCSDS Header Size Handler component. The issue is triggered by a manipulation of input leading to memory corruption. The CVE e...