PatchSiren

NASA CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM NASA CVE published 2026-05-25

CVE-2018-25367

NASA OpenVSP 3.16.1 contains a buffer overflow vulnerability in the geometry name field handling. A local attacker can trigger denial of service by supplying an excessively long string (approximately 5000 bytes) in the name input field within the Geom browser pod addition interface. The vulnerability results in an application crash due to improper bounds checking on user-supplied input. This is a local attac [truncated]

NONE NASA CVE published 2026-04-22

CVE-2026-41144

CVE-2026-41144 affects NASA F Prime prior to version 4.2.0. A U32 overflow in the byteOffset + dataSize bounds check can let a crafted packet bypass validation, and the destination path is not sanitized, allowing writes to arbitrary files at attacker-chosen offsets. The advisory says this can lead to remote code execution on embedded targets, and notes that ASAN will not detect the bug because the corrupt [truncated]