CVE-2026-5474

Source
https://cve.org/CVERecord?id=CVE-2026-5474
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-5474.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-5474
Published
2026-04-03T17:00:15.566Z
Modified
2026-07-15T01:49:06.010290342Z
Severity
  • 5.3 (Medium) CVSS_V4 - CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X CVSS Calculator
Summary
NASA cFS CCSDS Packet Header to_lab_passthru_encode.c CFE_MSG_GetSize heap-based overflow
Details

A vulnerability was found in NASA cFS up to 7.0.0. This affects the function CFEMSGGetSize of the file apps/tolab/fsw/src/tolabpassthruencode.c of the component CCSDS Packet Header Handler. Performing a manipulation results in heap-based buffer overflow. The attacker must have access to the local network to execute the attack. The project was informed of the problem early through an issue report but has not responded yet.

Database specific
{
    "cwe_ids": [
        "CWE-119",
        "CWE-122"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/5xxx/CVE-2026-5474.json",
    "cna_assigner": "VulDB"
}
References

Affected packages

Git / github.com/nasa/cfe

Affected ranges

Type
GIT
Repo
https://github.com/nasa/cfe
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Database specific
{
    "cpe": "cpe:2.3:a:nasa:core_flight_system:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.0.0"
        }
    ],
    "source": "CPE_RANGE"
}
Type
GIT
Repo
https://github.com/nasa/cfs
Events
Database specific
{
    "cpe": "cpe:2.3:a:nasa:core_flight_system:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "7.0"
        },
        {
            "last_affected": "7.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.0.0"
        }
    ],
    "source": [
        "AFFECTED_FIELD",
        "CPE_RANGE"
    ]
}

Affected versions

6.*
6.7.0-bv
6.7.3-bv
7.*
7.0
Other
draco-rc1
draco-rc2
draco-rc3
draco-rc4
draco-rc5
equuleus-rc1
v6.*
v6.5.0a
v6.6.0a
v6.8.0-rc1
v6.8.0-rc1+dev393
v7.*
v7.0.0
v7.0.0-multitarget-demo
v7.0.0-rc1
v7.0.0-rc2
v7.0.0-rc3
v7.0.0-rc4

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-5474.json"