Nixpkgs security tracker
6.3 MEDIUM
- CVSS version (CVSS): 3.1
- Attack Vector (AV): Adjacent (A)
- Attack Complexity (AC): Low (L)
- Privileges Required (PR): None (N)
- User Interaction (UI): None (N)
- Scope (S): Unchanged (U)
- Confidentiality (C): Low (L)
- Integrity (I): Low (L)
- Availability (A): Low (L)
- Exploit Code Maturity (E): Not Defined (X)
- Remediation Level (RL): Not Defined (X)
- Report Confidence (RC): Reasonable (R)
- Modified Attack Vector (MAV): Adjacent (A)
- Modified Attack Complexity (MAC): Low (L)
- Modified Privileges Required (MPR): None (N)
- Modified User Interaction (MUI): None (N)
- Modified Confidentiality (MC): Low (L)
- Modified Scope (MS): Unchanged (U)
- Modified Integrity (MI): Low (L)
- Modified Availability (MA): Low (L)
by @LeSuisse Activity log
- Created suggestion
- @LeSuisse dismissed (not in Nixpkgs)
NASA cFS CCSDS Packet Header to_lab_passthru_encode.c CFE_MSG_GetSize heap-based overflow
A vulnerability was found in NASA cFS up to 7.0.0. This affects the function CFE_MSG_GetSize of the file apps/to_lab/fsw/src/to_lab_passthru_encode.c of the component CCSDS Packet Header Handler. Performing a manipulation results in heap-based buffer overflow. The attacker must have access to the local network to execute the attack. The project was informed of the problem early through an issue report but has not responded yet.
References
-
VDB-355078 | NASA cFS CCSDS Packet Header to_lab_passthru_encode.c CFE_MSG_GetSize heap-based overflow technical-descriptionvdb-entry
-
-
https://github.com/nasa/cFS/issues/952 issue-tracking
-
https://github.com/nasa/cFS/ product
Affected products
- ==7.0
Matching in nixpkgs
pkgs.cfssl
Cloudflare's PKI and TLS toolkit
pkgs.cpcfs
Manipulating CPC dsk images and files
pkgs.encfs
Encrypted filesystem in user-space via FUSE
pkgs.lxcfs
FUSE filesystem for LXC
pkgs.gencfsm
EncFS manager and mounter with GNOME3 integration
pkgs.cfspeedtest
Unofficial CLI for speed.cloudflare.com
pkgs.cfs-zen-tweaks
Tweak Linux CPU scheduler for desktop responsiveness
pkgs.ocamlPackages.cfstream
Simple Core-inspired wrapper for standard library Stream module
pkgs.python312Packages.cfscrape
None
pkgs.python313Packages.cfscrape
Python module to bypass Cloudflare's anti-bot page
pkgs.python314Packages.cfscrape
Python module to bypass Cloudflare's anti-bot page
pkgs.ocamlPackages_latest.cfstream
Simple Core-inspired wrapper for standard library Stream module
pkgs.python312Packages.macfsevents
None
pkgs.python313Packages.macfsevents
Thread-based interface to file system observation primitives
pkgs.python314Packages.macfsevents
Thread-based interface to file system observation primitives
pkgs.azure-cli-extensions.managedccfs
Microsoft Azure Command-Line Tools Managedccfs Extension
pkgs.python312Packages.python-linux-procfs
None
pkgs.python313Packages.python-linux-procfs
Python classes to extract information from the Linux kernel /proc files
pkgs.python314Packages.python-linux-procfs
Python classes to extract information from the Linux kernel /proc files
pkgs.tests.testers.runCommand.nonDefault-hash
None
Package maintainers
-
@katexochen Paul Meyer <katexochen0@gmail.com>
-
@mkg20001 Maciej Krüger <mkg20001+nix@gmail.com>
-
@colemickens Cole Mickens <cole.mickens@gmail.com>
-
@stepbrobd Yifei Sun <ysun@hey.com>
-
@mbrgm Marius Bergmann <marius@yeai.de>
-
@spacefrogg Michael Raitza <spacefrogg-nixos@meterriblecrew.net>
-
@aanderse Aaron Andersen <aaron@fosslib.net>
-
@megheaiulian Meghea Iulian <iulian.meghea@gmail.com>
-
@herbetom Tom Herbers <nixos@tomherbers.de>
-
@adamcstephens Adam C. Stephens <happy.plan4249@valkor.net>
-
@bcdarwin Ben Darwin <bcdarwin@gmail.com>