CVE-2025-70083
HIGH
OpenSatKit 2.2.1 - Stack-based Buffer Overflow via DirName Telecommand
Title source: llm
Description
An issue was discovered in OpenSatKit 2.2.1. The DirName field in the telecommand is provided by the ground segment and must be treated as untrusted input. The program copies DirName into the local buffer DirWithSep using strcpy. The size of this buffer is OS_MAX_PATH_LEN. If the length of DirName is greater than or equal to OS_MAX_PATH_LEN, a stack buffer overflow occurs, overwriting adjacent stack memory. The path length check (FileUtil_AppendPathSep) is performed after the strcpy operation, meaning the validation occurs too late and cannot prevent the overflow.
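The ordering problem described above, with a validate-before-copy form, as an added example that is not OpenSatKit's code or its fix. The helper `copy_dir_with_sep`, its parameters, the value 64 for `OS_MAX_PATH_LEN`, and the sample inputs are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define OS_MAX_PATH_LEN 64   /* assumed value; the advisory gives only the name */

/* Vulnerable order described in the advisory (comment only, not compiled):
 *     char DirWithSep[OS_MAX_PATH_LEN];
 *     strcpy(DirWithSep, DirName);     // unbounded copy of the ground-supplied field
 *     FileUtil_AppendPathSep(...);     // length check runs only after the copy
 */

/* Hypothetical hardened helper: check the length first, then copy and append '/'.
 * FieldSize is the size of the telecommand field holding DirName.
 * Returns 0 on success; -1 if the field is empty, unterminated, or too long
 * (Dst is left untouched on failure). */
int copy_dir_with_sep(char *Dst, size_t DstSize, const char *DirName, size_t FieldSize)
{
    const char *Nul = memchr(DirName, '\0', FieldSize);
    if (Nul == NULL || Nul == DirName) return -1;   /* unterminated or empty field */

    size_t Len = (size_t)(Nul - DirName);
    int HasSep = (DirName[Len - 1] == '/');

    /* Space needed: name, separator if missing, terminating NUL. */
    size_t Need = Len + (HasSep ? 0 : 1) + 1;
    if (Need > DstSize) return -1;                  /* reject before any write */

    memcpy(Dst, DirName, Len);
    if (!HasSep) Dst[Len++] = '/';
    Dst[Len] = '\0';
    return 0;
}

int main(void)
{
    char DirWithSep[OS_MAX_PATH_LEN];
    char Oversized[128];                            /* constructed sample input */
    memset(Oversized, 'A', sizeof Oversized - 1);
    Oversized[sizeof Oversized - 1] = '\0';

    if (copy_dir_with_sep(DirWithSep, sizeof DirWithSep, "/cf/data", 9) == 0)
        printf("accepted: %s\n", DirWithSep);
    if (copy_dir_with_sep(DirWithSep, sizeof DirWithSep, Oversized, sizeof Oversized) != 0)
        printf("rejected: DirName does not fit in OS_MAX_PATH_LEN\n");
    return 0;
}
```

Bounding the search by the field size also covers a DirName that arrives without a terminating NUL, which a plain `strlen` check would read past.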
References (5)
Core 5
Core References
Third Party Advisory
https://gist.github.com/jonafk555
Scores
CVSS v3
7.8
EPSS
0.0020
EPSS Percentile
9.8%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-121
Status
published
Products (1)
opensatkit/opensatkit
2.2.1
Published
Feb 11, 2026
Tracked Since
Feb 18, 2026