PT-2026-7628 · Unknown · Opensatkit
Published: 2026-02-11 · Updated: 2026-02-11
CVE-2025-70083
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
OpenSatKit version 2.2.1
Description
An issue exists in which the DirName field within a telecommand, supplied from an external source, is not adequately validated. The program uses strcpy to copy the contents of DirName into a local buffer, DirWithSep, which has a fixed size of OS_MAX_PATH_LEN. If the length of DirName equals or exceeds OS_MAX_PATH_LEN, a stack buffer overflow occurs, potentially overwriting adjacent stack memory. A path length check, performed by the FileUtil_AppendPathSep function, happens after the strcpy operation, making it ineffective in preventing the overflow.
Recommendations
Update to a newer version that contains a fix for this vulnerability.
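The ordering problem from the Description, as an added example that is not OpenSatKit's code and not the project's actual fix: the length check has to run before any byte is written to the fixed-size buffer, and it has to leave room for the separator and the terminator. The helper name copy_dir_with_sep, the size EX_MAX_PATH_LEN (standing in for OS_MAX_PATH_LEN) and the '/' separator are assumptions made for this sketch.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed size for this example; stands in for the platform's OS_MAX_PATH_LEN. */
#define EX_MAX_PATH_LEN 64

/*
 * Pattern from the description (shown only as a comment):
 *   char DirWithSep[EX_MAX_PATH_LEN];
 *   strcpy(DirWithSep, DirName);   // unbounded copy happens first
 *   ...the length check made while appending the separator runs too late...
 * Checked form (hypothetical helper): measure and reject before any write.
 * field_size is the size of the telecommand field that holds dir_name.
 */
bool copy_dir_with_sep(char *dst, size_t dst_size, const char *dir_name, size_t field_size)
{
    if (dst == NULL || dir_name == NULL || dst_size == 0)
        return false;

    /* The field may arrive without a terminator: never scan past its end. */
    const char *nul = memchr(dir_name, '\0', field_size);
    if (nul == NULL || nul == dir_name)
        return false;

    size_t len = (size_t)(nul - dir_name);
    bool need_sep = dir_name[len - 1] != '/';

    /* Room for the name, the optional separator and the terminator. */
    if (len + (need_sep ? 1u : 0u) + 1u > dst_size)
        return false;

    memcpy(dst, dir_name, len);
    if (need_sep)
        dst[len++] = '/';
    dst[len] = '\0';
    return true;
}

int main(void)
{
    char field[EX_MAX_PATH_LEN] = "/cf/data";   /* constructed sample input */
    char out[EX_MAX_PATH_LEN];
    if (copy_dir_with_sep(out, sizeof out, field, sizeof field))
        printf("accepted: %s\n", out);
    memset(field, 'A', sizeof field);           /* oversized, unterminated */
    printf("oversized accepted: %d\n", copy_dir_with_sep(out, sizeof out, field, sizeof field));
    return 0;
}
```

A rejected command should be reported as a failed telecommand rather than silently truncated, so the ground side sees that the path was refused.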
Fix
Stack Overflow
Weakness Enumeration
Related Identifiers
Affected Products
Opensatkit