Nixpkgs security tracker

Login with GitHub

Suggestion detail

Untriaged
Permalink CVE-2026-5476
4.6 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Adjacent (A)
  • Attack Complexity (AC): High (H)
  • Privileges Required (PR): Low (L)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): Low (L)
  • Integrity (I): Low (L)
  • Availability (A): Low (L)
  • Exploit Code Maturity (E): Not Defined (X)
  • Remediation Level (RL): Not Defined (X)
  • Report Confidence (RC): Reasonable (R)
  • Modified Attack Vector (MAV): Adjacent (A)
  • Modified Attack Complexity (MAC): High (H)
  • Modified Privileges Required (MPR): Low (L)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): Low (L)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): Low (L)
  • Modified Availability (MA): Low (L)
created 2 months, 2 weeks ago Activity log
  • Created suggestion 2 months, 2 weeks ago
NASA cFS cfe_tbl_passthru_codec.c CFE_TBL_ValidateCodecLoadSize integer overflow

A vulnerability was identified in NASA cFS up to 7.0.0 on 32-bit. Affected is the function CFE_TBL_ValidateCodecLoadSize of the file cfe/modules/tbl/fsw/src/cfe_tbl_passthru_codec.c. The manipulation leads to integer overflow. The complexity of an attack is rather high. The exploitability is told to be difficult. A fix is planned for the upcoming version milestone of the project.

Affected products

cFS
  • ==7.0

Matching in nixpkgs

pkgs.cfssl

Cloudflare's PKI and TLS toolkit

pkgs.cpcfs

Manipulating CPC dsk images and files

pkgs.encfs

Encrypted filesystem in user-space via FUSE

pkgs.lxcfs

FUSE filesystem for LXC

pkgs.gencfsm

EncFS manager and mounter with GNOME3 integration

  • nixos-unstable 1.9
    • nixpkgs-unstable 1.9
    • nixos-unstable-small 1.9

pkgs.cfs-zen-tweaks

Tweak Linux CPU scheduler for desktop responsiveness