← Volver a CVEs

CVE-2025-70083

HIGH

7.8

Descripcion

An issue was discovered in OpenSatKit 2.2.1. The DirName field in the telecommand is provided by the ground segment and must be treated as untrusted input. The program copies DirName into the local buffer DirWithSep using strcpy. The size of this buffer is OS_MAX_PATH_LEN. If the length of DirName is greater than or equal to OS_MAX_PATH_LEN, a stack buffer overflow occurs, overwriting adjacent stack memory. The path length check (FileUtil_AppendPathSep) is performed after the strcpy operation, meaning the validation occurs too late and cannot prevent the overflow.

Detalles CVE

Puntuacion CVSS v3.17.8

SeveridadHIGH

Vector CVSSCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Vector de ataqueLOCAL

ComplejidadLOW

Privilegios requeridosLOW

Interaccion usuarioNONE

Publicado2/11/2026

Ultima modificacion2/17/2026

Fuentenvd

Avistamientos honeypot0

Productos afectados

opensatkit:opensatkit

Debilidades (CWE)

CWE-121

Referencias

https://gist.github.com/jonafk555(cve@mitre.org)

https://github.com/OpenSatKit/OpenSatKit(cve@mitre.org)

https://github.com/OpenSatKit/OpenSatKit/releases/tag/v2.2.1(cve@mitre.org)

https://raw.githubusercontent.com/OpenSatKit/OpenSatKit/master/cfs/apps/filemgr/fsw/src/dir.c(cve@mitre.org)

https://raw.githubusercontent.com/OpenSatKit/OpenSatKit/master/cfs/apps/filemgr/fsw/src/dir.c#:~:text=strcpy%28DirWithSep(cve@mitre.org)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.