Nixpkgs security tracker
4.6 MEDIUM
- CVSS version: 3.1
- Attack vector (AV):
- Attack complexity (AC):
- Privileges required (PR):
- User interaction (UI):
- Scope (S):
- Confidentiality impact (C):
- Integrity impact (I):
- Availability impact (A):
NASA cFS cfe_tbl_passthru_codec.c CFE_TBL_ValidateCodecLoadSize integer overflow
A vulnerability was identified in NASA cFS up to 7.0.0 on 32-bit. Affected is the function CFE_TBL_ValidateCodecLoadSize of the file cfe/modules/tbl/fsw/src/cfe_tbl_passthru_codec.c. The manipulation leads to integer overflow. The complexity of an attack is rather high. The exploitability is told to be difficult. A fix is planned for the upcoming version milestone of the project.
References
-
VDB-355080 | NASA cFS cfe_tbl_passthru_codec.c CFE_TBL_ValidateCodecLoadSize integer overflow vdb-entrytechnical-description
-
-
https://github.com/nasa/cFS/issues/954 issue-tracking
-
https://github.com/nasa/cFS/ product
Affected products
- ==7.0
Matching in nixpkgs
pkgs.cfssl
Cloudflare's PKI and TLS toolkit
pkgs.cpcfs
Manipulating CPC dsk images and files
pkgs.encfs
Encrypted filesystem in user-space via FUSE
pkgs.lxcfs
FUSE filesystem for LXC
pkgs.gencfsm
EncFS manager and mounter with GNOME3 integration
pkgs.cfspeedtest
Unofficial CLI for speed.cloudflare.com
pkgs.cfs-zen-tweaks
Tweak Linux CPU scheduler for desktop responsiveness
pkgs.ocamlPackages.cfstream
Simple Core-inspired wrapper for standard library Stream module
pkgs.python312Packages.cfscrape
Python module to bypass Cloudflare's anti-bot page
pkgs.python313Packages.cfscrape
Python module to bypass Cloudflare's anti-bot page
pkgs.python314Packages.cfscrape
Python module to bypass Cloudflare's anti-bot page
pkgs.ocamlPackages_latest.cfstream
Simple Core-inspired wrapper for standard library Stream module
pkgs.python312Packages.macfsevents
Thread-based interface to file system observation primitives
pkgs.python313Packages.macfsevents
Thread-based interface to file system observation primitives
pkgs.python314Packages.macfsevents
Thread-based interface to file system observation primitives
pkgs.azure-cli-extensions.managedccfs
Microsoft Azure Command-Line Tools Managedccfs Extension
pkgs.python312Packages.python-linux-procfs
Python classes to extract information from the Linux kernel /proc files
pkgs.python313Packages.python-linux-procfs
Python classes to extract information from the Linux kernel /proc files
pkgs.python314Packages.python-linux-procfs
Python classes to extract information from the Linux kernel /proc files
pkgs.tests.testers.runCommand.nonDefault-hash
None
-
nixos-25.11 hvd21cfs9hxr
- nixos-25.11-small hvd21cfs9hxr
- nixpkgs-25.11-darwin hvd21cfs9hxr
Package maintainers
-
@ulrikstrid Ulrik Strid <ulrik.strid@outlook.com>
-
@katexochen Paul Meyer <katexochen0@gmail.com>
-
@mkg20001 Maciej Krüger <mkg20001+nix@gmail.com>
-
@stepbrobd Yifei Sun <ysun@hey.com>
-
@colemickens Cole Mickens <cole.mickens@gmail.com>
-
@mbrgm Marius Bergmann <marius@yeai.de>
-
@spacefrogg Michael Raitza <spacefrogg-nixos@meterriblecrew.net>
-
@megheaiulian Meghea Iulian <iulian.meghea@gmail.com>
-
@aanderse Aaron Andersen <aaron@fosslib.net>
-
@adamcstephens Adam C. Stephens <happy.plan4249@valkor.net>
-
@jnsgruk Jon Seager <jon@sgrs.uk>
-
@bcdarwin Ben Darwin <bcdarwin@gmail.com>