{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-41144", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-04-17T12:59:15.739Z", "datePublished": "2026-04-21T23:58:11.855Z", "dateUpdated": "2026-04-21T23:58:11.855Z"}, "containers": {"cna": {"title": "F\u00b4 (F Prime) has Integer Overflow in FileUplink", "problemTypes": [{"descriptions": [{"cweId": "CWE-190", "lang": "en", "description": "CWE-190: Integer Overflow or Wraparound", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-787", "lang": "en", "description": "CWE-787: Out-of-bounds Write", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 0, "baseSeverity": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/nasa/fprime/security/advisories/GHSA-qmvv-rxh4-ccqh", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/nasa/fprime/security/advisories/GHSA-qmvv-rxh4-ccqh"}, {"name": "https://github.com/nasa/fprime/commit/cacdd555456bd83ab395b521d56c0330470ea798", "tags": ["x_refsource_MISC"], "url": "https://github.com/nasa/fprime/commit/cacdd555456bd83ab395b521d56c0330470ea798"}], "affected": [{"vendor": "nasa", "product": "fprime", "versions": [{"version": "< 4.2.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-21T23:58:11.855Z"}, "descriptions": [{"lang": "en", "value": "F\u00b4 (F Prime) is a framework that enables development and deployment of spaceflight and other embedded software applications. Prior to version 4.2.0, the bounds check byteOffset + dataSize > fileSize uses U32 addition that wraps around on overflow. An attacker-crafted DataPacket with byteOffset=0xFFFFFF9C and dataSize=100 overflows to 0, bypassing the check entirely. The subsequent file write proceeds at the original ~4GB offset. Additionally, Svc/FileUplink/File.cpp:20-31 performs no sanitization on the destination file path. Combined, these allow writing arbitrary data to any file at any offset. The impact is arbitrary file write leading to remote code execution on embedded targets. Note that this is a logic bug. ASAN does not detect it because all memory accesses are within valid buffers \u2014 the corruption occurs in file I/O. Version 4.2.0 contains a patch. No known workarounds are available."}], "source": {"advisory": "GHSA-qmvv-rxh4-ccqh", "discovery": "UNKNOWN"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "F\u00b4 (F Prime) is a framework that enables development and deployment of spaceflight and other embedded software applications. Prior to version 4.2.0, the bounds check byteOffset + dataSize > fileSize uses U32 addition that wraps around on overflow. An attacker-crafted DataPacket with byteOffset=0xFFFFFF9C and dataSize=100 overflows to 0, bypassing the check entirely. The subsequent file write proceeds at the original ~4GB offset. Additionally, Svc/FileUplink/File.cpp:20-31 performs no sanitization on the destination file path. Combined, these allow writing arbitrary data to any file at any offset. The impact is arbitrary file write leading to remote code execution on embedded targets. Note that this is a logic bug. ASAN does not detect it because all memory accesses are within valid buffers \u2014 the corruption occurs in file I/O. Version 4.2.0 contains a patch. No known workarounds are available."}], "id": "CVE-2026-41144", "lastModified": "2026-04-22T00:16:29.550", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 0.0, "baseSeverity": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 0.0, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-04-22T00:16:29.550", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/nasa/fprime/commit/cacdd555456bd83ab395b521d56c0330470ea798"}, {"source": "security-advisories@github.com", "url": "https://github.com/nasa/fprime/security/advisories/GHSA-qmvv-rxh4-ccqh"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-190"}, {"lang": "en", "value": "CWE-787"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,4.2.0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "fprime", "source": "cna", "vendor": "nasa"}, "product": "fprime", "vendor": "nasa"}], "analysis": {"en": {"generated_at": "2026-04-22T04:24:20.542655+00:00", "value": {"mitigation_remediation": ["Update F Prime to version\u202f4.2.0 or later, which contains the integer\u2011overflow and path\u2011sanitation fix.", "If an update cannot be applied immediately, disable or restrict the FileUplink service to only trusted sources.", "Add explicit validation of payload lengths and destination paths before performing file writes in any custom or legacy implementation."], "summary": {"action": "Patch the framework", "impact": "Arbitrary file write leading to remote code execution"}, "threat_synthesis": {"affected_systems": "Affected systems are deployments of NASA\u2019s F Prime framework older than version\u202f4.2.0. The vulnerability is present in the natural file uplink used by many spaceflight and other embedded software applications that rely on F Prime for data transfer.", "description_and_impact": "A logic flaw in the F Prime FileUplink component causes an unsigned integer overflow when calculating the boundary byteOffset + dataSize against the fileSize. An attacker can send a crafted packet with a large byteOffset that wraps to zero, bypassing the bounds check and writing data starting at an offset close to the full 4GB range. In addition, the code that writes to the destination file performs no validation of the file path, enabling a write to any arbitrary file. The combination of these defects permits an attacker to inject arbitrary data into any file on the target system, which can then be used to achieve remote code execution on the embedded device.\n\nAffected systems are deployments of NASA\u2019s F Prime framework older than version 4.2.0. The vulnerability is present in the natural file uplink used by many spaceflight and other embedded software applications that rely on F Prime for data transfer.\n\nRisk and exploitability: The flaw has no public exploit probability score available and is not listed in the CISA KEV catalog, but its potential impact is severe. The vulnerability requires the ability to send a specially crafted data packet and access to the FileUplink service, which may be exposed locally or remotely depending on the deployment. Because the corruption occurs at the file I/O layer, typical memory corruption detection tools do not catch it. Attackers who succeed can overwrite critical binaries or configuration files, resulting in complete compromise of an embedded target.", "risk_and_exploitability": "Risk and exploitability: The flaw has no public exploit probability score available and is not listed in the CISA KEV catalog, but its potential impact is severe. The vulnerability requires the ability to send a specially crafted data packet and access to the FileUplink service, which may be exposed locally or remotely depending on the deployment. Because the corruption occurs at the file I/O layer, typical memory corruption detection tools do not catch it. Attackers who succeed can overwrite critical binaries or configuration files, resulting in complete compromise of an embedded target."}}}}, "created": "2026-04-22T02:00:04.888329+00:00", "updated": "2026-04-22T04:30:05.302273+00:00", "vendors": ["nasa", "nasa$PRODUCT$fprime"]}