VYPR
Unrated severity · NVD Advisory · Published May 25, 2026

NASA openVSP 3.16.1 Denial of Service via Buffer Overflow

CVE-2018-25367

Description

NASA openVSP 3.16.1 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the geometry name field. Attackers can trigger a denial of service by pasting a 5000-byte payload into the name input field within the Geom browser pod addition interface.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

NASA openVSP 3.16.1 contains a local buffer overflow in the geometry name field, allowing unauthenticated attackers to crash the application via a 5000-byte string.

Vulnerability

NASA openVSP version 3.16.1 contains a buffer overflow vulnerability in the Geom browser pod addition interface. The bug occurs when an excessively long string is supplied in the geometry name field; the application fails to validate the input size before copying it into a fixed-size buffer, leading to a classic buffer overflow (CWE-120) [1][3]. Any user with local access to the application can trigger the crash by providing a string of approximately 5000 bytes [2].

Exploitation

An attacker must have local access to a machine running openVSP 3.16.1 and must interact with the graphical user interface. The steps are: (1) launch vsp.exe, (2) navigate to the Geom browser, click "Add", (3) go to the "pod" submenu and click "Add" again, (4) paste the 5000-byte payload from a file (e.g., poc.txt) into the "name" field, and (5) click "Add". The application immediately crashes, producing a denial of service [2]. No authentication or special privileges are required beyond normal desktop access.

Impact

Successful exploitation results in a denial of service: the application crashes and terminates immediately. There is no evidence of code execution or data corruption beyond the crash; the impact is limited to application availability (CIA: availability loss only). The crash does not persist across restarts, and no system-level compromise has been reported [2][3].

Mitigation

As of the available references, no official patch has been released for openVSP 3.16.1. Users should upgrade to a version newer than 3.16.1 if available, or restrict local access to the application to trusted users only. The vulnerability is not listed on CISA's Known Exploited Vulnerabilities (KEV) catalog [1][3].

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • Nasa/Openvsp (inferred), 2 versions
    = 3.16.1 (+ 1 more)
    • (no CPE) range: = 3.16.1
    • (no CPE) range: = 3.16.1

Patches

0

No patches discovered yet.

Vulnerability mechanics

Root cause

"Missing input length validation on the geometry name field causes a buffer overflow when a string longer than the fixed-size buffer is supplied."

Attack vector

A local attacker supplies an excessively long string (5000 bytes) into the geometry name field within the Geom browser pod addition interface [2]. The application fails to validate the length of this input, causing a buffer overflow when the string is copied into a fixed-size buffer. This overflow corrupts memory and crashes the application, resulting in a denial of service [2]. The attack requires local access to the machine and the ability to paste text into the GUI.

Affected code

The advisory does not specify the exact source file or function that handles the geometry name input. The vulnerability exists in the Geom browser pod addition interface of OpenVSP 3.16.1, where the name field is processed without length validation [2].

What the fix does

No patch is published for this vulnerability. The advisory does not include a fix or remediation guidance from the vendor [2]. To mitigate the issue, the application should implement input length validation on the geometry name field to reject strings that exceed the expected buffer size.
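The length check suggested above, next to the unchecked copy it replaces, as an added example that is not OpenVSP source code (the advisory does not identify the affected function). The names `geom_entry`, `set_name_unchecked`, `set_name_checked` and `try_oversized`, and the 256-byte capacity `GEOM_NAME_CAP`, are hypothetical.

```c
#include <stdio.h>
#include <string.h>

#define GEOM_NAME_CAP 256   /* assumed; the advisory gives no real buffer size */
enum name_status { NAME_OK, NAME_EMPTY, NAME_TOO_LONG, NAME_BAD_ARG };

/* Hypothetical stand-in for the object that stores a geometry name. */
struct geom_entry { char name[GEOM_NAME_CAP]; };

/* CWE-120 pattern, shown for contrast and never called here:
 * the copy trusts the input to fit the destination. */
void set_name_unchecked(struct geom_entry *g, const char *input)
{
    strcpy(g->name, input);
}

/* Hardened form: scan at most input_len bytes, reject input that cannot fit
 * with its terminator, and leave the stored name untouched on rejection. */
enum name_status set_name_checked(struct geom_entry *g,
                                  const char *input, size_t input_len)
{
    if (g == NULL || input == NULL)
        return NAME_BAD_ARG;
    const char *nul = memchr(input, '\0', input_len);
    size_t n = nul ? (size_t)(nul - input) : input_len;
    if (n == 0)
        return NAME_EMPTY;
    if (n >= sizeof g->name)
        return NAME_TOO_LONG;
    memcpy(g->name, input, n);
    g->name[n] = '\0';
    return NAME_OK;
}

/* Constructed input: 5000 filler bytes, the size quoted in the advisory. */
enum name_status try_oversized(struct geom_entry *g)
{
    char pasted[5000];
    memset(pasted, 'A', sizeof pasted);   /* no terminator on purpose */
    return set_name_checked(g, pasted, sizeof pasted);
}

int main(void)
{
    struct geom_entry g = { "Pod" };
    printf("oversized -> %d, name still \"%s\"\n", try_oversized(&g), g.name);
    printf("normal    -> %d, name now \"%s\"\n",
           set_name_checked(&g, "Wing_1", 6), g.name);
    return 0;
}
```

Rejecting the input outright, rather than silently truncating it, keeps the stored name unchanged and gives the GUI a status it can report to the user.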

Preconditions

  • auth: Attacker must have local access to a system running OpenVSP 3.16.1
  • input: Attacker must be able to interact with the Geom browser GUI (paste text into the name field)

Reproduction

1. Run the Python exploit code to generate a 5000-byte payload and save it to "poc.txt" [2].
2. Open "vsp.exe".
3. Navigate to "Geom browser" and click "Add".
4. Navigate to "pod" and click "sub".
5. Click "Add" and paste the content of "poc.txt" into the "name" field.
6. Click "Add"; the application crashes [2].

Generated on May 25, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

2
