← Voltar para CVEs

CVE-2025-70083

HIGH

7.8

Descricao

An issue was discovered in OpenSatKit 2.2.1. The DirName field in the telecommand is provided by the ground segment and must be treated as untrusted input. The program copies DirName into the local buffer DirWithSep using strcpy. The size of this buffer is OS_MAX_PATH_LEN. If the length of DirName is greater than or equal to OS_MAX_PATH_LEN, a stack buffer overflow occurs, overwriting adjacent stack memory. The path length check (FileUtil_AppendPathSep) is performed after the strcpy operation, meaning the validation occurs too late and cannot prevent the overflow.

Detalhes CVE

Pontuacao CVSS v3.17.8

SeveridadeHIGH

Vetor CVSSCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Vetor de ataqueLOCAL

ComplexidadeLOW

Privilegios necessariosLOW

Interacao do usuarioNONE

Publicado2/11/2026

Ultima modificacao2/17/2026

Fontenvd

Avistamentos honeypot0

Produtos afetados

opensatkit:opensatkit

Fraquezas (CWE)

CWE-121

Referencias

https://gist.github.com/jonafk555(cve@mitre.org)

https://github.com/OpenSatKit/OpenSatKit(cve@mitre.org)

https://github.com/OpenSatKit/OpenSatKit/releases/tag/v2.2.1(cve@mitre.org)

https://raw.githubusercontent.com/OpenSatKit/OpenSatKit/master/cfs/apps/filemgr/fsw/src/dir.c(cve@mitre.org)

https://raw.githubusercontent.com/OpenSatKit/OpenSatKit/master/cfs/apps/filemgr/fsw/src/dir.c#:~:text=strcpy%28DirWithSep(cve@mitre.org)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.