cvedb.io
CVE-2025-70083
HIGH · CVSS 7.8
EPSS exploitation probability: 0%
Published 2026-02-11T18:16:06.337 · Last modified 2026-06-17T10:03:07.020

Summary

An issue was discovered in OpenSatKit 2.2.1. The DirName field in the telecommand is provided by the ground segment and must be treated as untrusted input. The program copies DirName into the local buffer DirWithSep using strcpy. The size of this buffer is OS_MAX_PATH_LEN. If the length of DirName is greater than or equal to OS_MAX_PATH_LEN, a stack buffer overflow occurs, overwriting adjacent stack memory. The path length check (FileUtil_AppendPathSep) is performed after the strcpy operation, meaning the validation occurs too late and cannot prevent the overflow.

Affected products

opensatkit — opensatkit

Does this affect you?

Add your gear to cvedb and we'll alert you only when opensatkit ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.