CVE-2026-5474: Heap-based Buffer Overflow in NASA cFS
A vulnerability was found in NASA cFS up to 7.0.0. This affects the function CFE_MSG_GetSize of the file apps/to_lab/fsw/src/to_lab_passthru_encode.c of the component CCSDS Packet Header Handler. Performing a manipulation results in heap-based buffer overflow. The attacker must have access to the local network to execute the attack. The project was informed of the problem early through an issue report but has not responded yet.
AI Analysis
Technical Summary
This vulnerability involves a heap-based buffer overflow in the function CFE_MSG_GetSize located in apps/to_lab/fsw/src/to_lab_passthru_encode.c of NASA cFS up to version 7.0.0. The flaw occurs in the CCSDS Packet Header Handler component, allowing an attacker with local network access to manipulate inputs and trigger the overflow. No official remediation or patch has been released as of the publication date.
Potential Impact
Successful exploitation could lead to memory corruption due to a heap-based buffer overflow, potentially causing application instability or denial of service. The attacker must have local network access, limiting the attack surface. There are no known exploits in the wild at this time.
Mitigation Recommendations
No official fix or patch is currently available. Users should monitor the NASA cFS project for updates or advisories. Until a patch is released, restricting local network access to trusted users and systems may reduce risk.
CVE-2026-5474: Heap-based Buffer Overflow in NASA cFS
Description
A vulnerability was found in NASA cFS up to 7.0.0. This affects the function CFE_MSG_GetSize of the file apps/to_lab/fsw/src/to_lab_passthru_encode.c of the component CCSDS Packet Header Handler. Performing a manipulation results in heap-based buffer overflow. The attacker must have access to the local network to execute the attack. The project was informed of the problem early through an issue report but has not responded yet.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability involves a heap-based buffer overflow in the function CFE_MSG_GetSize located in apps/to_lab/fsw/src/to_lab_passthru_encode.c of NASA cFS up to version 7.0.0. The flaw occurs in the CCSDS Packet Header Handler component, allowing an attacker with local network access to manipulate inputs and trigger the overflow. No official remediation or patch has been released as of the publication date.
Potential Impact
Successful exploitation could lead to memory corruption due to a heap-based buffer overflow, potentially causing application instability or denial of service. The attacker must have local network access, limiting the attack surface. There are no known exploits in the wild at this time.
Mitigation Recommendations
No official fix or patch is currently available. Users should monitor the NASA cFS project for updates or advisories. Until a patch is released, restricting local network access to trusted users and systems may reduce risk.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- VulDB
- Date Reserved
- 2026-04-03T07:51:17.409Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69cff5b20a160ebd92462686
Added to database: 4/3/2026, 5:15:30 PM
Last enriched: 4/3/2026, 5:30:26 PM
Last updated: 4/3/2026, 8:44:43 PM
Views: 10
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.