Lowbitwarrior

**Name of the Vulnerable Software and Affected Versions** F Prime versions prior to 4.2.0 **Description** An integer overflow occurs during a bounds check where the addition of `byteOffset` and `dataSize` wraps around on overflow. This allows a specially crafted DataPacket to bypass the check, enabling a file write at an unintended offset. Furthermore, the destination file path in 'Svc/FileUplink/File.cpp' is not sanitized. Together, these issues allow writing arbitrary data to any file at any offset, which can lead to remote code execution on embedded targets. **Recommendations** Update to version 4.2.0.