CVE-2025-70083
- Source
- https://cve.org/CVERecord?id=CVE-2025-70083
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-70083.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-70083
- Published
- 2026-02-11T18:16:06.337Z
- Modified
- 2026-02-25T01:31:05.548256Z
- Severity
-
- 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
An issue was discovered in OpenSatKit 2.2.1. The DirName field in the telecommand is provided by the ground segment and must be treated as untrusted input. The program copies DirName into the local buffer DirWithSep using strcpy. The size of this buffer is OSMAXPATHLEN. If the length of DirName is greater than or equal to OSMAXPATHLEN, a stack buffer overflow occurs, overwriting adjacent stack memory. The path length check (FileUtil_AppendPathSep) is performed after the strcpy operation, meaning the validation occurs too late and cannot prevent the overflow.
- References
-
- https://raw.githubusercontent.com/OpenSatKit/OpenSatKit/master/cfs/apps/filemgr/fsw/src/dir.c
- https://raw.githubusercontent.com/OpenSatKit/OpenSatKit/master/cfs/apps/filemgr/fsw/src/dir.c#:~:text=strcpy%28DirWithSep
- https://gist.github.com/jonafk555
- https://github.com/OpenSatKit/OpenSatKit/releases/tag/v2.2.1
- https://github.com/OpenSatKit/OpenSatKit