Nixpkgs security tracker

Login with GitHub

Suggestion detail

Untriaged

Permalink CVE-2026-5476

4.6 MEDIUM

CVSS version: 3.1
Attack vector (AV):
Attack complexity (AC):
Privileges required (PR):
User interaction (UI):
Scope (S):
Confidentiality impact (C):
Integrity impact (I):
Availability impact (A):

created 1 week, 2 days ago

NASA cFS cfe_tbl_passthru_codec.c CFE_TBL_ValidateCodecLoadSize integer overflow

A vulnerability was identified in NASA cFS up to 7.0.0 on 32-bit. Affected is the function CFE_TBL_ValidateCodecLoadSize of the file cfe/modules/tbl/fsw/src/cfe_tbl_passthru_codec.c. The manipulation leads to integer overflow. The complexity of an attack is rather high. The exploitability is told to be difficult. A fix is planned for the upcoming version milestone of the project.

References

VDB-355080 | NASA cFS cfe_tbl_passthru_codec.c CFE_TBL_ValidateCodecLoadSize integer overflow vdb-entrytechnical-description
VDB-355080 | CTI Indicators (IOB, IOC, IOA) signaturepermissions-required
Submit #781971 | NASA cFS 7.0.0 Integer overflow in CFE_TBL_ValidateCodecLoadSize bypasses boun third-party-advisory
https://github.com/nasa/cFS/issues/954 issue-tracking
https://github.com/nasa/cFS/ product

Affected products

cFS

==7.0

Matching in nixpkgs

pkgs.cfssl

Cloudflare's PKI and TLS toolkit

nixos-unstable 1.6.5
- nixpkgs-unstable 1.6.5
- nixos-unstable-small 1.6.5
nixos-25.11 1.6.5
- nixos-25.11-small 1.6.5
- nixpkgs-25.11-darwin 1.6.5

pkgs.cpcfs

Manipulating CPC dsk images and files

nixos-unstable 0.85.4
- nixpkgs-unstable 0.85.4
- nixos-unstable-small 0.85.4
nixos-25.11 0.85.4
- nixos-25.11-small 0.85.4
- nixpkgs-25.11-darwin 0.85.4

pkgs.encfs

Encrypted filesystem in user-space via FUSE

nixos-unstable 1.9.5
- nixpkgs-unstable 1.9.5
- nixos-unstable-small 1.9.5
nixos-25.11 1.9.5
- nixos-25.11-small 1.9.5
- nixpkgs-25.11-darwin 1.9.5

pkgs.lxcfs

FUSE filesystem for LXC

nixos-unstable 6.0.6
- nixpkgs-unstable 6.0.6
- nixos-unstable-small 6.0.6
nixos-25.11 6.0.5
- nixos-25.11-small 6.0.5
- nixpkgs-25.11-darwin 6.0.5

pkgs.gencfsm

EncFS manager and mounter with GNOME3 integration

nixos-unstable 1.9
- nixpkgs-unstable 1.9
- nixos-unstable-small 1.9
nixos-25.11 1.9
- nixos-25.11-small 1.9
- nixpkgs-25.11-darwin 1.9

pkgs.cfspeedtest

Unofficial CLI for speed.cloudflare.com

nixos-unstable 2.2.1
- nixpkgs-unstable 2.2.1
- nixos-unstable-small 2.2.1
nixos-25.11 1.4.1
- nixos-25.11-small 1.4.1
- nixpkgs-25.11-darwin 1.4.1

pkgs.cfs-zen-tweaks

Tweak Linux CPU scheduler for desktop responsiveness

nixos-unstable 1.3.0
- nixpkgs-unstable 1.3.0
- nixos-unstable-small 1.3.0
nixos-25.11 1.3.0
- nixos-25.11-small 1.3.0
- nixpkgs-25.11-darwin 1.3.0

pkgs.ocamlPackages.cfstream

Simple Core-inspired wrapper for standard library Stream module

nixos-unstable 1.3.2
- nixpkgs-unstable 1.3.2
- nixos-unstable-small 1.3.2
nixos-25.11 1.3.2
- nixos-25.11-small 1.3.2
- nixpkgs-25.11-darwin 1.3.2

pkgs.python312Packages.cfscrape

Python module to bypass Cloudflare's anti-bot page

nixos-25.11 2.1.1
- nixos-25.11-small 2.1.1
- nixpkgs-25.11-darwin 2.1.1

pkgs.python313Packages.cfscrape

Python module to bypass Cloudflare's anti-bot page

nixos-unstable 2.1.1
- nixpkgs-unstable 2.1.1
- nixos-unstable-small 2.1.1
nixos-25.11 2.1.1
- nixos-25.11-small 2.1.1
- nixpkgs-25.11-darwin 2.1.1

pkgs.python314Packages.cfscrape

Python module to bypass Cloudflare's anti-bot page

nixos-unstable 2.1.1
- nixpkgs-unstable 2.1.1
- nixos-unstable-small 2.1.1

pkgs.ocamlPackages_latest.cfstream

Simple Core-inspired wrapper for standard library Stream module

nixos-unstable 1.3.2
- nixpkgs-unstable 1.3.2
- nixos-unstable-small 1.3.2

pkgs.python312Packages.macfsevents

Thread-based interface to file system observation primitives

nixos-25.11 0.8.4
- nixos-25.11-small 0.8.4
- nixpkgs-25.11-darwin 0.8.4

pkgs.python313Packages.macfsevents

Thread-based interface to file system observation primitives

nixos-unstable 0.8.4
- nixpkgs-unstable 0.8.4
- nixos-unstable-small 0.8.4
nixos-25.11 0.8.4
- nixos-25.11-small 0.8.4
- nixpkgs-25.11-darwin 0.8.4

pkgs.python314Packages.macfsevents

Thread-based interface to file system observation primitives

nixos-unstable 0.8.4
- nixpkgs-unstable 0.8.4
- nixos-unstable-small 0.8.4

pkgs.azure-cli-extensions.managedccfs

Microsoft Azure Command-Line Tools Managedccfs Extension

nixos-unstable 0.2.0
- nixpkgs-unstable 0.2.0
- nixos-unstable-small 0.2.0
nixos-25.11 0.2.0
- nixos-25.11-small 0.2.0
- nixpkgs-25.11-darwin 0.2.0

pkgs.python312Packages.python-linux-procfs

Python classes to extract information from the Linux kernel /proc files

nixos-25.11 0.7.3
- nixos-25.11-small 0.7.3
- nixpkgs-25.11-darwin 0.7.3

pkgs.python313Packages.python-linux-procfs

Python classes to extract information from the Linux kernel /proc files

nixos-unstable 0.7.3
- nixpkgs-unstable 0.7.3
- nixos-unstable-small 0.7.3
nixos-25.11 0.7.3
- nixos-25.11-small 0.7.3
- nixpkgs-25.11-darwin 0.7.3

pkgs.python314Packages.python-linux-procfs

Python classes to extract information from the Linux kernel /proc files

nixos-unstable 0.7.3
- nixpkgs-unstable 0.7.3
- nixos-unstable-small 0.7.3

pkgs.tests.testers.runCommand.nonDefault-hash

None

nixos-25.11 hvd21cfs9hxr
- nixos-25.11-small hvd21cfs9hxr
- nixpkgs-25.11-darwin hvd21cfs9hxr

Package maintainers

@ulrikstrid Ulrik Strid <ulrik.strid@outlook.com>
@katexochen Paul Meyer <katexochen0@gmail.com>
@mkg20001 Maciej Krüger <mkg20001+nix@gmail.com>
@stepbrobd Yifei Sun <ysun@hey.com>
@colemickens Cole Mickens <cole.mickens@gmail.com>
@mbrgm Marius Bergmann <marius@yeai.de>
@spacefrogg Michael Raitza <spacefrogg-nixos@meterriblecrew.net>
@megheaiulian Meghea Iulian <iulian.meghea@gmail.com>
@aanderse Aaron Andersen <aaron@fosslib.net>
@adamcstephens Adam C. Stephens <happy.plan4249@valkor.net>
@jnsgruk Jon Seager <jon@sgrs.uk>
@bcdarwin Ben Darwin <bcdarwin@gmail.com>