F Prime Framework CVE-2026-41144
Severity by source: NONE
CVSS Vector (GitHub Advisory): CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
Description (GitHub Advisory)
F´ (F Prime) is a framework that enables development and deployment of spaceflight and other embedded software applications. Prior to version 4.2.0, the bounds check byteOffset + dataSize > fileSize uses U32 addition that wraps around on overflow. An attacker-crafted DataPacket with byteOffset=0xFFFFFF9C and dataSize=100 overflows to 0, bypassing the check entirely. The subsequent file write proceeds at the original ~4GB offset. Additionally, Svc/FileUplink/File.cpp:20-31 performs no sanitization on the destination file path. Combined, these allow writing arbitrary data to any file at any offset. The impact is arbitrary file write leading to remote code execution on embedded targets. Note that this is a logic bug. ASAN does not detect it because all memory accesses are within valid buffers - the corruption occurs in file I/O. Version 4.2.0 contains a patch. No known workarounds are available.
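The wrap-around described above, as an added example; this is not F Prime's code and not the 4.2.0 patch. The function names, the Packet struct and the 1024-byte file size are assumptions made here; only byteOffset=0xFFFFFF9C and dataSize=100 come from the advisory.

```cpp
#include <cstdint>
#include <cstdio>

using U32 = std::uint32_t;  // stand-in for the framework's U32 type

// Check as the advisory describes it: the sum is taken modulo 2^32,
// so a huge byteOffset plus a small dataSize can wrap to a small value.
bool acceptsWrapping(U32 byteOffset, U32 dataSize, U32 fileSize) {
    U32 end = static_cast<U32>(byteOffset + dataSize);  // may wrap
    return !(end > fileSize);
}

// Overflow-safe form: never adds the two packet-controlled values.
bool acceptsSafe(U32 byteOffset, U32 dataSize, U32 fileSize) {
    if (byteOffset > fileSize) return false;
    return dataSize <= fileSize - byteOffset;  // cannot underflow here
}

// Equivalent alternative: perform the addition in 64 bits.
bool acceptsWidened(U32 byteOffset, U32 dataSize, U32 fileSize) {
    return static_cast<std::uint64_t>(byteOffset) + dataSize <= fileSize;
}

struct Packet { U32 byteOffset, dataSize; };

// Constructed regression inputs for a 1024-byte file (not captured traffic).
const U32 kFileSize = 1024;
const Packet kCases[] = {
    {0, 1024}, {1000, 24}, {1000, 25}, {2048, 0},
    {0xFFFFFF9Cu, 100},   // values from the advisory: sum wraps to 0
    {0xFFFFFFFFu, 1},     // sum wraps to 0
    {0xFFFFFFF0u, 0x20},  // sum wraps to 0x10
};

// Number of packets the wrapping check accepts but the safe check rejects.
int countBypasses() {
    int n = 0;
    for (const Packet& p : kCases)
        if (acceptsWrapping(p.byteOffset, p.dataSize, kFileSize) &&
            !acceptsSafe(p.byteOffset, p.dataSize, kFileSize)) ++n;
    return n;
}

int main() {
    std::printf("bypasses in sample set: %d\n", countBypasses());
    return 0;
}
```

The same case table works as a unit-test fixture for any offset/size validation that handles 32-bit fields from an untrusted packet.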
Analysis (AI)
F Prime framework before version 4.2.0 allows remote code execution via integer overflow in bounds checking combined with path traversal in file upload functionality. An attacker sending a crafted DataPacket with byteOffset=0xFFFFFF9C and dataSize=100 causes U32 addition to wrap to zero, bypassing the fileSize validation. …
Vulnerability Assessment (AI)
| Aspect | Assessment |
|---|---|
| Exploitation | Exploitation requires the target F Prime deployment to have the FileUplink service enabled and accessible over the network (either directly or via command/telemetry infrastructure). … |
| Risk Assessment | This vulnerability presents critical risk despite the CVSS vector provided (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N) appearing to indicate no impact; this vector is inconsistent with the description and should be treated as erroneous or placeholder data. … |
| Exploit Scenario | An attacker on a network with access to a spacecraft, rover, or other embedded system running F Prime pre-4.2.0 crafts a DataPacket with byteOffset=0xFFFFFF9C, dataSize=100, and a destination file path pointing to a critical binary or configuration file (e.g., /usr/local/bin/control_daemon). The integer overflow causes the bounds check to wrap and pass validation. … |
| Remediation | Upgrade F Prime framework to version 4.2.0 or later, which contains the integer overflow fix and path sanitization. … |