This vulnerability affects NASA cFS up to version 7.0.0 in the CFE_SB_TransmitMsg function of the cfe_sb_priv.c file, specifically within the CCSDS Header Size Handler component. Manipulating inputs to this function can cause memory corruption. The issue was reported early to the project, but no official fix or remediation guidance has been released. The CVSS 4.0 base score is 5.1, indicating a medium severity with attack vector being adjacent network and requiring low attack complexity and low privileges.

Successful exploitation of this vulnerability can lead to memory corruption within the affected component of NASA cFS. This could potentially cause application instability or unexpected behavior. There are no reports of exploitation in the wild, and the exact impact beyond memory corruption is not detailed in the available data.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since NASA has not responded or released a fix, users should monitor official NASA channels for updates. Until a patch is available, cautious use and additional input validation around the affected function may help reduce risk.