CVE-2026-5475

Published: Apr 3, 2026Modified: May 4, 2026

5.1

Vector

CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Show more

CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less

Source: CNA (Secondary)

Description

A vulnerability was determined in NASA cFS up to 7.0.0. This impacts the function CFE_SB_TransmitMsg of the file cfe_sb_priv.c of the component CCSDS Header Size Handler. Executing a manipulation can lead to memory corruption. The project was informed of the problem early through an issue report but has not responded yet.

Affected (1)

Products: Nasa: Core Flight System

1 product

Core Flight System

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Nasa Core Flight System	Up to 7.0.0

Related CWEs

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (5)

https://github.com/nasa/cFS/

Source: cna@vuldb.com

Product

https://github.com/nasa/cFS/issues/953

Source: cna@vuldb.com

Issue Tracking

https://vuldb.com/submit/781951

Source: cna@vuldb.com

Third Party AdvisoryVDB Entry

https://vuldb.com/vuln/355079

Source: cna@vuldb.com

Third Party AdvisoryVDB Entry

https://vuldb.com/vuln/355079/cti

Source: cna@vuldb.com

Permissions RequiredVDB Entry

Timeline

No history available yet.