Description

An issue was discovered in OpenSatKit 2.2.1. The EventErrStr buffer has a fixed size of 256 bytes. The code uses sprintf to format two filenames (Source1Filename and the string returned by FileUtil_FileStateStr) into this buffer without any length checking and without using bounded format specifiers such as %.*s. If the filename length approaches OS_MAX_PATH_LEN (commonly 64-256 bytes), the combined formatted string together with constant text can exceed 256 bytes, resulting in a stack buffer overflow. Such unsafe sprintf calls are scattered across multiple functions in file.c, including FILE_ConcatenateCmd() and ConcatenateFiles(), all of which fail to validate the output length.

INFO

Published Date :

2026-02-11T00:00:00.000Z

Last Modified :

2026-02-12T15:02:00.414Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2025-70085 vulnerability.

Vendors Products
Opensatkit
  • Opensatkit
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-70085.

URL Resource
https://gist.github.com/jonafk555 cve-icon cve-icon
https://github.com/OpenSatKit/OpenSatKit cve-icon cve-icon
https://github.com/OpenSatKit/OpenSatKit/releases/tag/v2.2.1 cve-icon cve-icon
https://raw.githubusercontent.com/OpenSatKit/OpenSatKit/master/cfs/apps/filemgr/fsw/src/file.c cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact