Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
81 vulnerabilities found for CryptoLib by NASA
FKIE_CVE-2026-22697
Vulnerability from fkie_nvd - Published: 2026-01-10 01:16 - Updated: 2026-01-16 16:42
Severity ?
Summary
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, CryptoLib’s KMC crypto service integration is vulnerable to a heap buffer overflow when decoding Base64-encoded ciphertext/cleartext fields returned by the KMC service. The decode destination buffer is sized using an expected output length (len_data_out), but the Base64 decoder writes output based on the actual Base64 input length and does not enforce any destination size limit. An oversized Base64 string in the KMC JSON response can cause out-of-bounds writes on the heap, resulting in process crash and potentially code execution under certain conditions. This issue has been patched in version 1.4.3.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nasa:cryptolib:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AE1BE91E-2901-42AF-BC66-762CFA7A2582",
"versionEndExcluding": "1.4.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, CryptoLib\u2019s KMC crypto service integration is vulnerable to a heap buffer overflow when decoding Base64-encoded ciphertext/cleartext fields returned by the KMC service. The decode destination buffer is sized using an expected output length (len_data_out), but the Base64 decoder writes output based on the actual Base64 input length and does not enforce any destination size limit. An oversized Base64 string in the KMC JSON response can cause out-of-bounds writes on the heap, resulting in process crash and potentially code execution under certain conditions. This issue has been patched in version 1.4.3."
},
{
"lang": "es",
"value": "CryptoLib proporciona una soluci\u00f3n \u00fanicamente de software utilizando el Protocolo de Seguridad de Enlace de Datos Espaciales CCSDS - Procedimientos Extendidos (SDLS-EP) para asegurar las comunicaciones entre una nave espacial que ejecuta el Sistema de Vuelo central (cFS) y una estaci\u00f3n terrestre. Antes de la versi\u00f3n 1.4.3, la integraci\u00f3n del servicio criptogr\u00e1fico KMC de CryptoLib es vulnerable a un desbordamiento de b\u00fafer de pila al decodificar campos de texto cifrado/texto claro codificados en Base64 devueltos por el servicio KMC. El b\u00fafer de destino de decodificaci\u00f3n se dimensiona utilizando una longitud de salida esperada (len_data_out), pero el decodificador Base64 escribe la salida bas\u00e1ndose en la longitud real de la entrada Base64 y no impone ning\u00fan l\u00edmite de tama\u00f1o de destino. Una cadena Base64 sobredimensionada en la respuesta JSON del KMC puede causar escrituras fuera de l\u00edmites en la pila, lo que resulta en un fallo del proceso y potencialmente la ejecuci\u00f3n de c\u00f3digo bajo ciertas condiciones. Este problema ha sido parcheado en la versi\u00f3n 1.4.3."
}
],
"id": "CVE-2026-22697",
"lastModified": "2026-01-16T16:42:26.080",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2026-01-10T01:16:19.160",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
],
"url": "https://github.com/nasa/CryptoLib/releases/tag/v1.4.3"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory",
"Exploit"
],
"url": "https://github.com/nasa/CryptoLib/security/advisories/GHSA-qjx3-83jh-2jc4"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Vendor Advisory",
"Exploit"
],
"url": "https://github.com/nasa/CryptoLib/security/advisories/GHSA-qjx3-83jh-2jc4"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2026-22023
Vulnerability from fkie_nvd - Published: 2026-01-10 01:16 - Updated: 2026-01-16 16:45
Severity ?
Summary
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, there is an out-of-bounds heap read vulnerability in cryptography_aead_encrypt(). This issue has been patched in version 1.4.3.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nasa:cryptolib:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AE1BE91E-2901-42AF-BC66-762CFA7A2582",
"versionEndExcluding": "1.4.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, there is an out-of-bounds heap read vulnerability in cryptography_aead_encrypt(). This issue has been patched in version 1.4.3."
},
{
"lang": "es",
"value": "CryptoLib proporciona una soluci\u00f3n \u00fanicamente de software utilizando el Protocolo de Seguridad de Enlace de Datos Espaciales CCSDS - Procedimientos Extendidos (SDLS-EP) para asegurar las comunicaciones entre una nave espacial que ejecuta el Sistema de Vuelo central (cFS) y una estaci\u00f3n terrestre. Antes de la versi\u00f3n 1.4.3, existe una vulnerabilidad de lectura de heap fuera de l\u00edmites en cryptography_aead_encrypt(). Este problema ha sido parcheado en la versi\u00f3n 1.4.3."
}
],
"id": "CVE-2026-22023",
"lastModified": "2026-01-16T16:45:11.670",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2026-01-10T01:16:18.410",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/nasa/CryptoLib/commit/2372efd3da1ccb226b4297222e25f41ecc84821d"
},
{
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
],
"url": "https://github.com/nasa/CryptoLib/releases/tag/v1.4.3"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/nasa/CryptoLib/security/advisories/GHSA-8w3h-q8jm-3chq"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/nasa/CryptoLib/security/advisories/GHSA-8w3h-q8jm-3chq"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2026-22025
Vulnerability from fkie_nvd - Published: 2026-01-10 01:16 - Updated: 2026-01-16 16:39
Severity ?
Summary
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, when the KMC server returns a non-200 HTTP status code, cryptography_encrypt() and cryptography_decrypt() return immediately without freeing previously allocated buffers. Each failed request leaks approximately 467 bytes. Repeated failures (from a malicious server or network issues) can gradually exhaust memory. This issue has been patched in version 1.4.3.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nasa:cryptolib:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AE1BE91E-2901-42AF-BC66-762CFA7A2582",
"versionEndExcluding": "1.4.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, when the KMC server returns a non-200 HTTP status code, cryptography_encrypt() and cryptography_decrypt() return immediately without freeing previously allocated buffers. Each failed request leaks approximately 467 bytes. Repeated failures (from a malicious server or network issues) can gradually exhaust memory. This issue has been patched in version 1.4.3."
},
{
"lang": "es",
"value": "CryptoLib proporciona una soluci\u00f3n exclusivamente de software utilizando el Protocolo de Seguridad de Enlace de Datos Espaciales CCSDS - Procedimientos Extendidos (SDLS-EP) para asegurar las comunicaciones entre una nave espacial que ejecuta el Sistema de Vuelo Central (cFS) y una estaci\u00f3n terrestre. Antes de la versi\u00f3n 1.4.3, cuando el servidor KMC devuelve un c\u00f3digo de estado HTTP que no es 200, cryptography_encrypt() y cryptography_decrypt() retornan inmediatamente sin liberar los b\u00faferes previamente asignados. Cada solicitud fallida fuga aproximadamente 467 bytes. Fallos repetidos (de un servidor malicioso o problemas de red) pueden agotar gradualmente la memoria. Este problema ha sido parcheado en la versi\u00f3n 1.4.3."
}
],
"id": "CVE-2026-22025",
"lastModified": "2026-01-16T16:39:52.060",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2026-01-10T01:16:18.703",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/nasa/CryptoLib/commit/2372efd3da1ccb226b4297222e25f41ecc84821d"
},
{
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
],
"url": "https://github.com/nasa/CryptoLib/releases/tag/v1.4.3"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/nasa/CryptoLib/security/advisories/GHSA-h74x-vwwr-mm5g"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/nasa/CryptoLib/security/advisories/GHSA-h74x-vwwr-mm5g"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-401"
},
{
"lang": "en",
"value": "CWE-770"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2026-21900
Vulnerability from fkie_nvd - Published: 2026-01-10 01:16 - Updated: 2026-01-16 16:46
Severity ?
Summary
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, an out-of-bounds heap read vulnerability in cryptography_encrypt() occurs when parsing JSON metadata from KMC server responses. The flawed strtok iteration pattern uses ptr + strlen(ptr) + 1 which reads one byte past allocated buffer boundaries when processing short or malformed metadata strings. This issue has been patched in version 1.4.3.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nasa:cryptolib:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AE1BE91E-2901-42AF-BC66-762CFA7A2582",
"versionEndExcluding": "1.4.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, an out-of-bounds heap read vulnerability in cryptography_encrypt() occurs when parsing JSON metadata from KMC server responses. The flawed strtok iteration pattern uses ptr + strlen(ptr) + 1 which reads one byte past allocated buffer boundaries when processing short or malformed metadata strings. This issue has been patched in version 1.4.3."
},
{
"lang": "es",
"value": "CryptoLib proporciona una soluci\u00f3n \u00fanicamente de software utilizando el Protocolo de Seguridad de Enlace de Datos Espaciales CCSDS - Procedimientos Extendidos (SDLS-EP) para asegurar las comunicaciones entre una nave espacial que ejecuta el Sistema de Vuelo central (cFS) y una estaci\u00f3n terrestre. Antes de la versi\u00f3n 1.4.3, una vulnerabilidad de lectura de pila fuera de l\u00edmites en cryptography_encrypt() ocurre al analizar metadatos JSON de las respuestas del servidor KMC. El patr\u00f3n de iteraci\u00f3n defectuoso de strtok utiliza ptr + strlen(ptr) + 1, que lee un byte m\u00e1s all\u00e1 de los l\u00edmites del b\u00fafer asignado al procesar cadenas de metadatos cortas o malformadas. Este problema ha sido parcheado en la versi\u00f3n 1.4.3."
}
],
"id": "CVE-2026-21900",
"lastModified": "2026-01-16T16:46:47.517",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2026-01-10T01:16:18.263",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/nasa/CryptoLib/commit/2372efd3da1ccb226b4297222e25f41ecc84821d"
},
{
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
],
"url": "https://github.com/nasa/CryptoLib/releases/tag/v1.4.3"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/nasa/CryptoLib/security/advisories/GHSA-4g6v-36fv-qcvw"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/nasa/CryptoLib/security/advisories/GHSA-4g6v-36fv-qcvw"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2026-22024
Vulnerability from fkie_nvd - Published: 2026-01-10 01:16 - Updated: 2026-01-16 16:44
Severity ?
Summary
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, the cryptography_encrypt() function allocates multiple buffers for HTTP requests and JSON parsing that are never freed on any code path. Each call leaks approximately 400 bytes of memory. Sustained traffic can gradually exhaust available memory. This issue has been patched in version 1.4.3.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nasa:cryptolib:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AE1BE91E-2901-42AF-BC66-762CFA7A2582",
"versionEndExcluding": "1.4.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, the cryptography_encrypt() function allocates multiple buffers for HTTP requests and JSON parsing that are never freed on any code path. Each call leaks approximately 400 bytes of memory. Sustained traffic can gradually exhaust available memory. This issue has been patched in version 1.4.3."
},
{
"lang": "es",
"value": "CryptoLib proporciona una soluci\u00f3n \u00fanicamente de software utilizando el Protocolo de Seguridad de Enlace de Datos Espaciales CCSDS - Procedimientos Extendidos (SDLS-EP) para asegurar las comunicaciones entre una nave espacial que ejecuta el Sistema de Vuelo central (cFS) y una estaci\u00f3n terrestre. Antes de la versi\u00f3n 1.4.3, la funci\u00f3n cryptography_encrypt() asigna m\u00faltiples b\u00faferes para solicitudes HTTP y an\u00e1lisis JSON que nunca se liberan en ninguna ruta de c\u00f3digo. Cada llamada filtra aproximadamente 400 bytes de memoria. El tr\u00e1fico sostenido puede agotar gradualmente la memoria disponible. Este problema ha sido parcheado en la versi\u00f3n 1.4.3."
}
],
"id": "CVE-2026-22024",
"lastModified": "2026-01-16T16:44:36.080",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2026-01-10T01:16:18.553",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/nasa/CryptoLib/commit/2372efd3da1ccb226b4297222e25f41ecc84821d"
},
{
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
],
"url": "https://github.com/nasa/CryptoLib/releases/tag/v1.4.3"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/nasa/CryptoLib/security/advisories/GHSA-r3wg-g8xv-gxvf"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/nasa/CryptoLib/security/advisories/GHSA-r3wg-g8xv-gxvf"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-401"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2026-22026
Vulnerability from fkie_nvd - Published: 2026-01-10 01:16 - Updated: 2026-01-16 16:43
Severity ?
Summary
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, the libcurl write_callback function in the KMC crypto service client allows unbounded memory growth by reallocating response buffers without any size limit or overflow check. A malicious KMC server can return arbitrarily large HTTP responses, forcing the client to allocate excessive memory until the process is terminated by the OS. This issue has been patched in version 1.4.3.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nasa:cryptolib:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AE1BE91E-2901-42AF-BC66-762CFA7A2582",
"versionEndExcluding": "1.4.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, the libcurl write_callback function in the KMC crypto service client allows unbounded memory growth by reallocating response buffers without any size limit or overflow check. A malicious KMC server can return arbitrarily large HTTP responses, forcing the client to allocate excessive memory until the process is terminated by the OS. This issue has been patched in version 1.4.3."
},
{
"lang": "es",
"value": "CryptoLib proporciona una soluci\u00f3n \u00fanicamente de software utilizando el Protocolo de Seguridad de Enlace de Datos Espaciales CCSDS - Procedimientos Extendidos (SDLS-EP) para asegurar las comunicaciones entre una nave espacial que ejecuta el Sistema de Vuelo central (cFS) y una estaci\u00f3n terrestre. Antes de la versi\u00f3n 1.4.3, la funci\u00f3n write_callback de libcurl en el cliente del servicio criptogr\u00e1fico KMC permite un crecimiento ilimitado de la memoria al reasignar b\u00faferes de respuesta sin ning\u00fan l\u00edmite de tama\u00f1o o verificaci\u00f3n de desbordamiento. Un servidor KMC malicioso puede devolver respuestas HTTP arbitrariamente grandes, forzando al cliente a asignar memoria excesiva hasta que el proceso sea terminado por el SO. Este problema ha sido parcheado en la versi\u00f3n 1.4.3."
}
],
"id": "CVE-2026-22026",
"lastModified": "2026-01-16T16:43:52.067",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2026-01-10T01:16:18.843",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/nasa/CryptoLib/commit/2372efd3da1ccb226b4297222e25f41ecc84821d"
},
{
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
],
"url": "https://github.com/nasa/CryptoLib/releases/tag/v1.4.3"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/nasa/CryptoLib/security/advisories/GHSA-w9cm-q69w-34x7"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/nasa/CryptoLib/security/advisories/GHSA-w9cm-q69w-34x7"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-789"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2026-22027
Vulnerability from fkie_nvd - Published: 2026-01-10 01:16 - Updated: 2026-01-15 21:45
Severity ?
Summary
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, the convert_hexstring_to_byte_array() function in the MariaDB SA interface writes decoded bytes into a caller-provided buffer without any capacity check. When importing SA fields from the database (e.g., IV, ARSN, ABM), a malformed or oversized hex string in the database can overflow the destination buffer, corrupting adjacent heap memory. This issue has been patched in version 1.4.3.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nasa:cryptolib:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AE1BE91E-2901-42AF-BC66-762CFA7A2582",
"versionEndExcluding": "1.4.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, the convert_hexstring_to_byte_array() function in the MariaDB SA interface writes decoded bytes into a caller-provided buffer without any capacity check. When importing SA fields from the database (e.g., IV, ARSN, ABM), a malformed or oversized hex string in the database can overflow the destination buffer, corrupting adjacent heap memory. This issue has been patched in version 1.4.3."
},
{
"lang": "es",
"value": "CryptoLib proporciona una soluci\u00f3n \u00fanicamente de software utilizando el Protocolo de Seguridad de Enlace de Datos Espaciales CCSDS - Procedimientos Extendidos (SDLS-EP) para asegurar las comunicaciones entre una nave espacial que ejecuta el Sistema de Vuelo central (cFS) y una estaci\u00f3n terrestre. Antes de la versi\u00f3n 1.4.3, la funci\u00f3n convert_hexstring_to_byte_array() en la interfaz SA de MariaDB escribe bytes decodificados en un b\u00fafer proporcionado por el llamador sin ninguna verificaci\u00f3n de capacidad. Al importar campos SA de la base de datos (por ejemplo, IV, ARSN, ABM), una cadena hexadecimal malformada o sobredimensionada en la base de datos puede desbordar el b\u00fafer de destino, corrompiendo la memoria heap adyacente. Este problema ha sido parcheado en la versi\u00f3n 1.4.3."
}
],
"id": "CVE-2026-22027",
"lastModified": "2026-01-15T21:45:02.797",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2026-01-10T01:16:18.990",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/nasa/CryptoLib/commit/2372efd3da1ccb226b4297222e25f41ecc84821d"
},
{
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
],
"url": "https://github.com/nasa/CryptoLib/releases/tag/v1.4.3"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/nasa/CryptoLib/security/advisories/GHSA-3m35-m689-h29x"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/nasa/CryptoLib/security/advisories/GHSA-3m35-m689-h29x"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2026-21899
Vulnerability from fkie_nvd - Published: 2026-01-10 01:16 - Updated: 2026-01-15 21:45
Severity ?
4.7 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Summary
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, in base64urlDecode, padding-stripping dereferences input[inputLen - 1] before checking that inputLen > 0 or that input != NULL. For inputLen == 0, this becomes an OOB read at input[-1], potentially crashing the process. If input == NULL and inputLen == 0, it dereferences NULL - 1. This issue has been patched in version 1.4.3.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nasa:cryptolib:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AE1BE91E-2901-42AF-BC66-762CFA7A2582",
"versionEndExcluding": "1.4.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, in base64urlDecode, padding-stripping dereferences input[inputLen - 1] before checking that inputLen \u003e 0 or that input != NULL. For inputLen == 0, this becomes an OOB read at input[-1], potentially crashing the process. If input == NULL and inputLen == 0, it dereferences NULL - 1. This issue has been patched in version 1.4.3."
},
{
"lang": "es",
"value": "CryptoLib proporciona una soluci\u00f3n \u00fanicamente de software utilizando el Protocolo de Seguridad de Enlace de Datos Espaciales CCSDS - Procedimientos Extendidos (SDLS-EP) para asegurar las comunicaciones entre una nave espacial que ejecuta el Sistema de Vuelo central (cFS) y una estaci\u00f3n terrestre. Antes de la versi\u00f3n 1.4.3, en base64urlDecode, la eliminaci\u00f3n de relleno desreferencia input[inputLen - 1] antes de verificar que inputLen \u0026gt; 0 o que input != NULL. Para inputLen == 0, esto se convierte en una lectura fuera de l\u00edmites (OOB read) en input[-1], lo que podr\u00eda bloquear el proceso. Si input == NULL e inputLen == 0, desreferencia NULL - 1. Este problema ha sido parcheado en la versi\u00f3n 1.4.3."
}
],
"id": "CVE-2026-21899",
"lastModified": "2026-01-15T21:45:24.500",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.4,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2026-01-10T01:16:18.113",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
],
"url": "https://github.com/nasa/CryptoLib/releases/tag/v1.4.3"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/nasa/CryptoLib/security/advisories/GHSA-wc29-5hw7-mpj8"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
FKIE_CVE-2026-21897
Vulnerability from fkie_nvd - Published: 2026-01-10 01:16 - Updated: 2026-01-15 21:48
Severity ?
Summary
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, the Crypto_Config_Add_Gvcid_Managed_Parameters function only checks whether gvcid_counter > GVCID_MAN_PARAM_SIZE. As a result, it allows up to the 251st entry, which causes a write past the end of the array, overwriting gvcid_counter located immediately after gvcid_managed_parameters_array[250]. This leads to an out-of-bounds write, and the overwritten gvcid_counter may become an arbitrary value, potentially affecting the parameter lookup/registration logic that relies on it. This issue has been patched in version 1.4.3.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nasa:cryptolib:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AE1BE91E-2901-42AF-BC66-762CFA7A2582",
"versionEndExcluding": "1.4.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, the Crypto_Config_Add_Gvcid_Managed_Parameters function only checks whether gvcid_counter \u003e GVCID_MAN_PARAM_SIZE. As a result, it allows up to the 251st entry, which causes a write past the end of the array, overwriting gvcid_counter located immediately after gvcid_managed_parameters_array[250]. This leads to an out-of-bounds write, and the overwritten gvcid_counter may become an arbitrary value, potentially affecting the parameter lookup/registration logic that relies on it. This issue has been patched in version 1.4.3."
},
{
"lang": "es",
"value": "CryptoLib proporciona una soluci\u00f3n \u00fanicamente de software utilizando el Protocolo de Seguridad de Enlace de Datos Espaciales CCSDS - Procedimientos Extendidos (SDLS-EP) para asegurar las comunicaciones entre una nave espacial ejecutando el Sistema de Vuelo central (cFS) y una estaci\u00f3n terrestre. Antes de la versi\u00f3n 1.4.3, la funci\u00f3n Crypto_Config_Add_Gvcid_Managed_Parameters solo verifica si gvcid_counter \u0026gt; GVCID_MAN_PARAM_SIZE. Como resultado, permite hasta la entrada 251, lo que provoca una escritura m\u00e1s all\u00e1 del final del array, sobrescribiendo gvcid_counter ubicado inmediatamente despu\u00e9s de gvcid_managed_parameters_array[250]. Esto conduce a una escritura fuera de l\u00edmites, y el gvcid_counter sobrescrito puede convertirse en un valor arbitrario, afectando potencialmente la l\u00f3gica de b\u00fasqueda/registro de par\u00e1metros que depende de \u00e9l. Este problema ha sido parcheado en la versi\u00f3n 1.4.3."
}
],
"id": "CVE-2026-21897",
"lastModified": "2026-01-15T21:48:26.340",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.4,
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2026-01-10T01:16:17.053",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
],
"url": "https://github.com/nasa/CryptoLib/releases/tag/v1.4.3"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/nasa/CryptoLib/security/advisories/GHSA-9x7j-gx23-7m5r"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
FKIE_CVE-2026-21898
Vulnerability from fkie_nvd - Published: 2026-01-10 01:16 - Updated: 2026-01-15 21:48
Severity ?
Summary
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, the Crypto_AOS_ProcessSecurity function reads memory without valid bounds checking when parsing AOS frame hashes. This issue has been patched in version 1.4.3.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nasa:cryptolib:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AE1BE91E-2901-42AF-BC66-762CFA7A2582",
"versionEndExcluding": "1.4.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, the Crypto_AOS_ProcessSecurity function reads memory without valid bounds checking when parsing AOS frame hashes. This issue has been patched in version 1.4.3."
},
{
"lang": "es",
"value": "CryptoLib proporciona una soluci\u00f3n \u00fanicamente de software utilizando el Protocolo de Seguridad de Enlace de Datos Espaciales CCSDS - Procedimientos Extendidos (SDLS-EP) para asegurar las comunicaciones entre una nave espacial que ejecuta el Sistema de Vuelo central (cFS) y una estaci\u00f3n terrestre. Antes de la versi\u00f3n 1.4.3, la funci\u00f3n Crypto_AOS_ProcessSecurity lee memoria sin una comprobaci\u00f3n de l\u00edmites v\u00e1lida al analizar los hashes de tramas AOS. Este problema ha sido parcheado en la versi\u00f3n 1.4.3."
}
],
"id": "CVE-2026-21898",
"lastModified": "2026-01-15T21:48:49.657",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.2,
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2026-01-10T01:16:17.957",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
],
"url": "https://github.com/nasa/CryptoLib/releases/tag/v1.4.3"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/nasa/CryptoLib/security/advisories/GHSA-7ch6-2pmg-m853"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/nasa/CryptoLib/security/advisories/GHSA-7ch6-2pmg-m853"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
CVE-2026-22697 (GCVE-0-2026-22697)
Vulnerability from cvelistv5 – Published: 2026-01-10 00:31 – Updated: 2026-01-13 21:48
VLAI?
Title
CryptoLib Has Heap Buffer Overflow Vulnerability in KMC Base64 Decode Handling (KMC JSON base64ciphertext/base64cleartext)
Summary
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, CryptoLib’s KMC crypto service integration is vulnerable to a heap buffer overflow when decoding Base64-encoded ciphertext/cleartext fields returned by the KMC service. The decode destination buffer is sized using an expected output length (len_data_out), but the Base64 decoder writes output based on the actual Base64 input length and does not enforce any destination size limit. An oversized Base64 string in the KMC JSON response can cause out-of-bounds writes on the heap, resulting in process crash and potentially code execution under certain conditions. This issue has been patched in version 1.4.3.
Severity ?
7.5 (High)
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-22697",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-13T21:48:35.288004Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-13T21:48:38.005Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/nasa/CryptoLib/security/advisories/GHSA-qjx3-83jh-2jc4"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CryptoLib",
"vendor": "nasa",
"versions": [
{
"status": "affected",
"version": "\u003c 1.4.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, CryptoLib\u2019s KMC crypto service integration is vulnerable to a heap buffer overflow when decoding Base64-encoded ciphertext/cleartext fields returned by the KMC service. The decode destination buffer is sized using an expected output length (len_data_out), but the Base64 decoder writes output based on the actual Base64 input length and does not enforce any destination size limit. An oversized Base64 string in the KMC JSON response can cause out-of-bounds writes on the heap, resulting in process crash and potentially code execution under certain conditions. This issue has been patched in version 1.4.3."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-10T00:31:11.045Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/nasa/CryptoLib/security/advisories/GHSA-qjx3-83jh-2jc4",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nasa/CryptoLib/security/advisories/GHSA-qjx3-83jh-2jc4"
},
{
"name": "https://github.com/nasa/CryptoLib/releases/tag/v1.4.3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nasa/CryptoLib/releases/tag/v1.4.3"
}
],
"source": {
"advisory": "GHSA-qjx3-83jh-2jc4",
"discovery": "UNKNOWN"
},
"title": "CryptoLib Has Heap Buffer Overflow Vulnerability in KMC Base64 Decode Handling (KMC JSON base64ciphertext/base64cleartext)"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-22697",
"datePublished": "2026-01-10T00:31:11.045Z",
"dateReserved": "2026-01-08T19:23:09.856Z",
"dateUpdated": "2026-01-13T21:48:38.005Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-22027 (GCVE-0-2026-22027)
Vulnerability from cvelistv5 – Published: 2026-01-10 00:24 – Updated: 2026-01-12 16:23
VLAI?
Title
CryptoLib Vulnerable to Heap Buffer Overflow in MariaDB SA Hexstring Conversion
Summary
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, the convert_hexstring_to_byte_array() function in the MariaDB SA interface writes decoded bytes into a caller-provided buffer without any capacity check. When importing SA fields from the database (e.g., IV, ARSN, ABM), a malformed or oversized hex string in the database can overflow the destination buffer, corrupting adjacent heap memory. This issue has been patched in version 1.4.3.
Severity ?
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-22027",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-12T15:33:54.090680Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-12T16:23:53.099Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/nasa/CryptoLib/security/advisories/GHSA-3m35-m689-h29x"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CryptoLib",
"vendor": "nasa",
"versions": [
{
"status": "affected",
"version": "\u003c 1.4.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, the convert_hexstring_to_byte_array() function in the MariaDB SA interface writes decoded bytes into a caller-provided buffer without any capacity check. When importing SA fields from the database (e.g., IV, ARSN, ABM), a malformed or oversized hex string in the database can overflow the destination buffer, corrupting adjacent heap memory. This issue has been patched in version 1.4.3."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-10T00:24:58.903Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/nasa/CryptoLib/security/advisories/GHSA-3m35-m689-h29x",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nasa/CryptoLib/security/advisories/GHSA-3m35-m689-h29x"
},
{
"name": "https://github.com/nasa/CryptoLib/commit/2372efd3da1ccb226b4297222e25f41ecc84821d",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nasa/CryptoLib/commit/2372efd3da1ccb226b4297222e25f41ecc84821d"
},
{
"name": "https://github.com/nasa/CryptoLib/releases/tag/v1.4.3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nasa/CryptoLib/releases/tag/v1.4.3"
}
],
"source": {
"advisory": "GHSA-3m35-m689-h29x",
"discovery": "UNKNOWN"
},
"title": "CryptoLib Vulnerable to Heap Buffer Overflow in MariaDB SA Hexstring Conversion"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-22027",
"datePublished": "2026-01-10T00:24:58.903Z",
"dateReserved": "2026-01-05T22:30:38.718Z",
"dateUpdated": "2026-01-12T16:23:53.099Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-22026 (GCVE-0-2026-22026)
Vulnerability from cvelistv5 – Published: 2026-01-10 00:22 – Updated: 2026-01-13 21:47
VLAI?
Title
CryptoLib Unbounded Memory Allocation in KMC HTTP Response Handler Allows Resource Exhaustion
Summary
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, the libcurl write_callback function in the KMC crypto service client allows unbounded memory growth by reallocating response buffers without any size limit or overflow check. A malicious KMC server can return arbitrarily large HTTP responses, forcing the client to allocate excessive memory until the process is terminated by the OS. This issue has been patched in version 1.4.3.
Severity ?
CWE
- CWE-789 - Memory Allocation with Excessive Size Value
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-22026",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-13T21:47:49.912729Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-13T21:47:52.666Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/nasa/CryptoLib/security/advisories/GHSA-w9cm-q69w-34x7"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CryptoLib",
"vendor": "nasa",
"versions": [
{
"status": "affected",
"version": "\u003c 1.4.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, the libcurl write_callback function in the KMC crypto service client allows unbounded memory growth by reallocating response buffers without any size limit or overflow check. A malicious KMC server can return arbitrarily large HTTP responses, forcing the client to allocate excessive memory until the process is terminated by the OS. This issue has been patched in version 1.4.3."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-789",
"description": "CWE-789: Memory Allocation with Excessive Size Value",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-10T00:22:35.480Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/nasa/CryptoLib/security/advisories/GHSA-w9cm-q69w-34x7",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nasa/CryptoLib/security/advisories/GHSA-w9cm-q69w-34x7"
},
{
"name": "https://github.com/nasa/CryptoLib/commit/2372efd3da1ccb226b4297222e25f41ecc84821d",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nasa/CryptoLib/commit/2372efd3da1ccb226b4297222e25f41ecc84821d"
},
{
"name": "https://github.com/nasa/CryptoLib/releases/tag/v1.4.3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nasa/CryptoLib/releases/tag/v1.4.3"
}
],
"source": {
"advisory": "GHSA-w9cm-q69w-34x7",
"discovery": "UNKNOWN"
},
"title": "CryptoLib Unbounded Memory Allocation in KMC HTTP Response Handler Allows Resource Exhaustion"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-22026",
"datePublished": "2026-01-10T00:22:35.480Z",
"dateReserved": "2026-01-05T22:30:38.718Z",
"dateUpdated": "2026-01-13T21:47:52.666Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-22025 (GCVE-0-2026-22025)
Vulnerability from cvelistv5 – Published: 2026-01-10 00:20 – Updated: 2026-01-13 20:19
VLAI?
Title
CryptoLib Memory Leak on HTTP Error Response in KMC Client
Summary
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, when the KMC server returns a non-200 HTTP status code, cryptography_encrypt() and cryptography_decrypt() return immediately without freeing previously allocated buffers. Each failed request leaks approximately 467 bytes. Repeated failures (from a malicious server or network issues) can gradually exhaust memory. This issue has been patched in version 1.4.3.
Severity ?
CWE
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-22025",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-13T20:18:57.347847Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-13T20:19:08.707Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/nasa/CryptoLib/security/advisories/GHSA-h74x-vwwr-mm5g"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CryptoLib",
"vendor": "nasa",
"versions": [
{
"status": "affected",
"version": "\u003c 1.4.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, when the KMC server returns a non-200 HTTP status code, cryptography_encrypt() and cryptography_decrypt() return immediately without freeing previously allocated buffers. Each failed request leaks approximately 467 bytes. Repeated failures (from a malicious server or network issues) can gradually exhaust memory. This issue has been patched in version 1.4.3."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "CWE-401: Missing Release of Memory after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770: Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-10T00:20:59.338Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/nasa/CryptoLib/security/advisories/GHSA-h74x-vwwr-mm5g",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nasa/CryptoLib/security/advisories/GHSA-h74x-vwwr-mm5g"
},
{
"name": "https://github.com/nasa/CryptoLib/commit/2372efd3da1ccb226b4297222e25f41ecc84821d",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nasa/CryptoLib/commit/2372efd3da1ccb226b4297222e25f41ecc84821d"
},
{
"name": "https://github.com/nasa/CryptoLib/releases/tag/v1.4.3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nasa/CryptoLib/releases/tag/v1.4.3"
}
],
"source": {
"advisory": "GHSA-h74x-vwwr-mm5g",
"discovery": "UNKNOWN"
},
"title": "CryptoLib Memory Leak on HTTP Error Response in KMC Client"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-22025",
"datePublished": "2026-01-10T00:20:59.338Z",
"dateReserved": "2026-01-05T22:30:38.718Z",
"dateUpdated": "2026-01-13T20:19:08.707Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-22024 (GCVE-0-2026-22024)
Vulnerability from cvelistv5 – Published: 2026-01-10 00:19 – Updated: 2026-01-13 20:08
VLAI?
Title
CryptoLib Memory Leak in KMC Encrypt Function Leads to Resource Exhaustion
Summary
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, the cryptography_encrypt() function allocates multiple buffers for HTTP requests and JSON parsing that are never freed on any code path. Each call leaks approximately 400 bytes of memory. Sustained traffic can gradually exhaust available memory. This issue has been patched in version 1.4.3.
Severity ?
CWE
- CWE-401 - Missing Release of Memory after Effective Lifetime
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-22024",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-13T20:08:52.707534Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-13T20:08:55.439Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/nasa/CryptoLib/security/advisories/GHSA-r3wg-g8xv-gxvf"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CryptoLib",
"vendor": "nasa",
"versions": [
{
"status": "affected",
"version": "\u003c 1.4.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, the cryptography_encrypt() function allocates multiple buffers for HTTP requests and JSON parsing that are never freed on any code path. Each call leaks approximately 400 bytes of memory. Sustained traffic can gradually exhaust available memory. This issue has been patched in version 1.4.3."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "CWE-401: Missing Release of Memory after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-10T00:19:16.006Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/nasa/CryptoLib/security/advisories/GHSA-r3wg-g8xv-gxvf",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nasa/CryptoLib/security/advisories/GHSA-r3wg-g8xv-gxvf"
},
{
"name": "https://github.com/nasa/CryptoLib/commit/2372efd3da1ccb226b4297222e25f41ecc84821d",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nasa/CryptoLib/commit/2372efd3da1ccb226b4297222e25f41ecc84821d"
},
{
"name": "https://github.com/nasa/CryptoLib/releases/tag/v1.4.3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nasa/CryptoLib/releases/tag/v1.4.3"
}
],
"source": {
"advisory": "GHSA-r3wg-g8xv-gxvf",
"discovery": "UNKNOWN"
},
"title": "CryptoLib Memory Leak in KMC Encrypt Function Leads to Resource Exhaustion"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-22024",
"datePublished": "2026-01-10T00:19:16.006Z",
"dateReserved": "2026-01-05T22:30:38.718Z",
"dateUpdated": "2026-01-13T20:08:55.439Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-22023 (GCVE-0-2026-22023)
Vulnerability from cvelistv5 – Published: 2026-01-10 00:17 – Updated: 2026-01-13 17:17
VLAI?
Title
CryptoLib Has Out-of-Bounds Read in KMC AEAD Encrypt Metadata Parsing via Flawed strtok Pattern
Summary
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, there is an out-of-bounds heap read vulnerability in cryptography_aead_encrypt(). This issue has been patched in version 1.4.3.
Severity ?
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-22023",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-13T17:17:35.907425Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-13T17:17:39.426Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/nasa/CryptoLib/security/advisories/GHSA-8w3h-q8jm-3chq"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CryptoLib",
"vendor": "nasa",
"versions": [
{
"status": "affected",
"version": "\u003c 1.4.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, there is an out-of-bounds heap read vulnerability in cryptography_aead_encrypt(). This issue has been patched in version 1.4.3."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-10T00:17:03.148Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/nasa/CryptoLib/security/advisories/GHSA-8w3h-q8jm-3chq",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nasa/CryptoLib/security/advisories/GHSA-8w3h-q8jm-3chq"
},
{
"name": "https://github.com/nasa/CryptoLib/commit/2372efd3da1ccb226b4297222e25f41ecc84821d",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nasa/CryptoLib/commit/2372efd3da1ccb226b4297222e25f41ecc84821d"
},
{
"name": "https://github.com/nasa/CryptoLib/releases/tag/v1.4.3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nasa/CryptoLib/releases/tag/v1.4.3"
}
],
"source": {
"advisory": "GHSA-8w3h-q8jm-3chq",
"discovery": "UNKNOWN"
},
"title": "CryptoLib Has Out-of-Bounds Read in KMC AEAD Encrypt Metadata Parsing via Flawed strtok Pattern"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-22023",
"datePublished": "2026-01-10T00:17:03.148Z",
"dateReserved": "2026-01-05T22:30:38.717Z",
"dateUpdated": "2026-01-13T17:17:39.426Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-21900 (GCVE-0-2026-21900)
Vulnerability from cvelistv5 – Published: 2026-01-10 00:14 – Updated: 2026-01-13 17:16
VLAI?
Title
CryptoLib Has Out-of-Bounds Read in KMC Encrypt Metadata Parsing via Flawed strtok Pattern
Summary
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, an out-of-bounds heap read vulnerability in cryptography_encrypt() occurs when parsing JSON metadata from KMC server responses. The flawed strtok iteration pattern uses ptr + strlen(ptr) + 1 which reads one byte past allocated buffer boundaries when processing short or malformed metadata strings. This issue has been patched in version 1.4.3.
Severity ?
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-21900",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-13T17:16:31.457731Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-13T17:16:34.273Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/nasa/CryptoLib/security/advisories/GHSA-4g6v-36fv-qcvw"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CryptoLib",
"vendor": "nasa",
"versions": [
{
"status": "affected",
"version": "\u003c 1.4.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, an out-of-bounds heap read vulnerability in cryptography_encrypt() occurs when parsing JSON metadata from KMC server responses. The flawed strtok iteration pattern uses ptr + strlen(ptr) + 1 which reads one byte past allocated buffer boundaries when processing short or malformed metadata strings. This issue has been patched in version 1.4.3."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-10T00:14:33.782Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/nasa/CryptoLib/security/advisories/GHSA-4g6v-36fv-qcvw",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nasa/CryptoLib/security/advisories/GHSA-4g6v-36fv-qcvw"
},
{
"name": "https://github.com/nasa/CryptoLib/commit/2372efd3da1ccb226b4297222e25f41ecc84821d",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nasa/CryptoLib/commit/2372efd3da1ccb226b4297222e25f41ecc84821d"
},
{
"name": "https://github.com/nasa/CryptoLib/releases/tag/v1.4.3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nasa/CryptoLib/releases/tag/v1.4.3"
}
],
"source": {
"advisory": "GHSA-4g6v-36fv-qcvw",
"discovery": "UNKNOWN"
},
"title": "CryptoLib Has Out-of-Bounds Read in KMC Encrypt Metadata Parsing via Flawed strtok Pattern"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-21900",
"datePublished": "2026-01-10T00:14:33.782Z",
"dateReserved": "2026-01-05T17:24:36.931Z",
"dateUpdated": "2026-01-13T17:16:34.273Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-21899 (GCVE-0-2026-21899)
Vulnerability from cvelistv5 – Published: 2026-01-10 00:11 – Updated: 2026-01-12 20:23
VLAI?
Title
CryptoLib has an out-of-bounds read and crash vulnerability when decoding an empty Base64url string
Summary
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, in base64urlDecode, padding-stripping dereferences input[inputLen - 1] before checking that inputLen > 0 or that input != NULL. For inputLen == 0, this becomes an OOB read at input[-1], potentially crashing the process. If input == NULL and inputLen == 0, it dereferences NULL - 1. This issue has been patched in version 1.4.3.
Severity ?
4.7 (Medium)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-21899",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-12T20:22:54.955002Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-12T20:23:08.304Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CryptoLib",
"vendor": "nasa",
"versions": [
{
"status": "affected",
"version": "\u003c 1.4.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, in base64urlDecode, padding-stripping dereferences input[inputLen - 1] before checking that inputLen \u003e 0 or that input != NULL. For inputLen == 0, this becomes an OOB read at input[-1], potentially crashing the process. If input == NULL and inputLen == 0, it dereferences NULL - 1. This issue has been patched in version 1.4.3."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-10T00:11:18.877Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/nasa/CryptoLib/security/advisories/GHSA-wc29-5hw7-mpj8",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nasa/CryptoLib/security/advisories/GHSA-wc29-5hw7-mpj8"
},
{
"name": "https://github.com/nasa/CryptoLib/releases/tag/v1.4.3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nasa/CryptoLib/releases/tag/v1.4.3"
}
],
"source": {
"advisory": "GHSA-wc29-5hw7-mpj8",
"discovery": "UNKNOWN"
},
"title": "CryptoLib has an out-of-bounds read and crash vulnerability when decoding an empty Base64url string"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-21899",
"datePublished": "2026-01-10T00:11:18.877Z",
"dateReserved": "2026-01-05T17:24:36.931Z",
"dateUpdated": "2026-01-12T20:23:08.304Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-21898 (GCVE-0-2026-21898)
Vulnerability from cvelistv5 – Published: 2026-01-10 00:10 – Updated: 2026-01-12 20:22
VLAI?
Title
CryptoLib Has Out-of-bounds Read in Crypto_AOS_ProcessSecurity
Summary
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, the Crypto_AOS_ProcessSecurity function reads memory without valid bounds checking when parsing AOS frame hashes. This issue has been patched in version 1.4.3.
Severity ?
8.2 (High)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-21898",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-12T20:22:02.691151Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-12T20:22:05.827Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/nasa/CryptoLib/security/advisories/GHSA-7ch6-2pmg-m853"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CryptoLib",
"vendor": "nasa",
"versions": [
{
"status": "affected",
"version": "\u003c 1.4.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, the Crypto_AOS_ProcessSecurity function reads memory without valid bounds checking when parsing AOS frame hashes. This issue has been patched in version 1.4.3."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-10T00:10:29.925Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/nasa/CryptoLib/security/advisories/GHSA-7ch6-2pmg-m853",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nasa/CryptoLib/security/advisories/GHSA-7ch6-2pmg-m853"
},
{
"name": "https://github.com/nasa/CryptoLib/releases/tag/v1.4.3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nasa/CryptoLib/releases/tag/v1.4.3"
}
],
"source": {
"advisory": "GHSA-7ch6-2pmg-m853",
"discovery": "UNKNOWN"
},
"title": "CryptoLib Has Out-of-bounds Read in Crypto_AOS_ProcessSecurity"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-21898",
"datePublished": "2026-01-10T00:10:29.925Z",
"dateReserved": "2026-01-05T17:24:36.931Z",
"dateUpdated": "2026-01-12T20:22:05.827Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-21897 (GCVE-0-2026-21897)
Vulnerability from cvelistv5 – Published: 2026-01-10 00:07 – Updated: 2026-01-12 20:21
VLAI?
Title
CryptoLib Has Out-of-Bounds Write in Crypto_Config_Add_Gvcid_Managed_Parameters
Summary
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, the Crypto_Config_Add_Gvcid_Managed_Parameters function only checks whether gvcid_counter > GVCID_MAN_PARAM_SIZE. As a result, it allows up to the 251st entry, which causes a write past the end of the array, overwriting gvcid_counter located immediately after gvcid_managed_parameters_array[250]. This leads to an out-of-bounds write, and the overwritten gvcid_counter may become an arbitrary value, potentially affecting the parameter lookup/registration logic that relies on it. This issue has been patched in version 1.4.3.
Severity ?
7.3 (High)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-21897",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-12T20:21:14.781089Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-12T20:21:22.735Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CryptoLib",
"vendor": "nasa",
"versions": [
{
"status": "affected",
"version": "\u003c 1.4.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, the Crypto_Config_Add_Gvcid_Managed_Parameters function only checks whether gvcid_counter \u003e GVCID_MAN_PARAM_SIZE. As a result, it allows up to the 251st entry, which causes a write past the end of the array, overwriting gvcid_counter located immediately after gvcid_managed_parameters_array[250]. This leads to an out-of-bounds write, and the overwritten gvcid_counter may become an arbitrary value, potentially affecting the parameter lookup/registration logic that relies on it. This issue has been patched in version 1.4.3."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-10T00:07:16.920Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/nasa/CryptoLib/security/advisories/GHSA-9x7j-gx23-7m5r",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nasa/CryptoLib/security/advisories/GHSA-9x7j-gx23-7m5r"
},
{
"name": "https://github.com/nasa/CryptoLib/releases/tag/v1.4.3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nasa/CryptoLib/releases/tag/v1.4.3"
}
],
"source": {
"advisory": "GHSA-9x7j-gx23-7m5r",
"discovery": "UNKNOWN"
},
"title": "CryptoLib Has Out-of-Bounds Write in Crypto_Config_Add_Gvcid_Managed_Parameters"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-21897",
"datePublished": "2026-01-10T00:07:16.920Z",
"dateReserved": "2026-01-05T17:24:36.930Z",
"dateUpdated": "2026-01-12T20:21:22.735Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-22697 (GCVE-0-2026-22697)
Vulnerability from nvd – Published: 2026-01-10 00:31 – Updated: 2026-01-13 21:48
VLAI?
Title
CryptoLib Has Heap Buffer Overflow Vulnerability in KMC Base64 Decode Handling (KMC JSON base64ciphertext/base64cleartext)
Summary
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, CryptoLib’s KMC crypto service integration is vulnerable to a heap buffer overflow when decoding Base64-encoded ciphertext/cleartext fields returned by the KMC service. The decode destination buffer is sized using an expected output length (len_data_out), but the Base64 decoder writes output based on the actual Base64 input length and does not enforce any destination size limit. An oversized Base64 string in the KMC JSON response can cause out-of-bounds writes on the heap, resulting in process crash and potentially code execution under certain conditions. This issue has been patched in version 1.4.3.
Severity ?
7.5 (High)
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-22697",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-13T21:48:35.288004Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-13T21:48:38.005Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/nasa/CryptoLib/security/advisories/GHSA-qjx3-83jh-2jc4"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CryptoLib",
"vendor": "nasa",
"versions": [
{
"status": "affected",
"version": "\u003c 1.4.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, CryptoLib\u2019s KMC crypto service integration is vulnerable to a heap buffer overflow when decoding Base64-encoded ciphertext/cleartext fields returned by the KMC service. The decode destination buffer is sized using an expected output length (len_data_out), but the Base64 decoder writes output based on the actual Base64 input length and does not enforce any destination size limit. An oversized Base64 string in the KMC JSON response can cause out-of-bounds writes on the heap, resulting in process crash and potentially code execution under certain conditions. This issue has been patched in version 1.4.3."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-10T00:31:11.045Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/nasa/CryptoLib/security/advisories/GHSA-qjx3-83jh-2jc4",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nasa/CryptoLib/security/advisories/GHSA-qjx3-83jh-2jc4"
},
{
"name": "https://github.com/nasa/CryptoLib/releases/tag/v1.4.3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nasa/CryptoLib/releases/tag/v1.4.3"
}
],
"source": {
"advisory": "GHSA-qjx3-83jh-2jc4",
"discovery": "UNKNOWN"
},
"title": "CryptoLib Has Heap Buffer Overflow Vulnerability in KMC Base64 Decode Handling (KMC JSON base64ciphertext/base64cleartext)"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-22697",
"datePublished": "2026-01-10T00:31:11.045Z",
"dateReserved": "2026-01-08T19:23:09.856Z",
"dateUpdated": "2026-01-13T21:48:38.005Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-22027 (GCVE-0-2026-22027)
Vulnerability from nvd – Published: 2026-01-10 00:24 – Updated: 2026-01-12 16:23
VLAI?
Title
CryptoLib Vulnerable to Heap Buffer Overflow in MariaDB SA Hexstring Conversion
Summary
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, the convert_hexstring_to_byte_array() function in the MariaDB SA interface writes decoded bytes into a caller-provided buffer without any capacity check. When importing SA fields from the database (e.g., IV, ARSN, ABM), a malformed or oversized hex string in the database can overflow the destination buffer, corrupting adjacent heap memory. This issue has been patched in version 1.4.3.
Severity ?
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-22027",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-12T15:33:54.090680Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-12T16:23:53.099Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/nasa/CryptoLib/security/advisories/GHSA-3m35-m689-h29x"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CryptoLib",
"vendor": "nasa",
"versions": [
{
"status": "affected",
"version": "\u003c 1.4.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, the convert_hexstring_to_byte_array() function in the MariaDB SA interface writes decoded bytes into a caller-provided buffer without any capacity check. When importing SA fields from the database (e.g., IV, ARSN, ABM), a malformed or oversized hex string in the database can overflow the destination buffer, corrupting adjacent heap memory. This issue has been patched in version 1.4.3."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-10T00:24:58.903Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/nasa/CryptoLib/security/advisories/GHSA-3m35-m689-h29x",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nasa/CryptoLib/security/advisories/GHSA-3m35-m689-h29x"
},
{
"name": "https://github.com/nasa/CryptoLib/commit/2372efd3da1ccb226b4297222e25f41ecc84821d",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nasa/CryptoLib/commit/2372efd3da1ccb226b4297222e25f41ecc84821d"
},
{
"name": "https://github.com/nasa/CryptoLib/releases/tag/v1.4.3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nasa/CryptoLib/releases/tag/v1.4.3"
}
],
"source": {
"advisory": "GHSA-3m35-m689-h29x",
"discovery": "UNKNOWN"
},
"title": "CryptoLib Vulnerable to Heap Buffer Overflow in MariaDB SA Hexstring Conversion"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-22027",
"datePublished": "2026-01-10T00:24:58.903Z",
"dateReserved": "2026-01-05T22:30:38.718Z",
"dateUpdated": "2026-01-12T16:23:53.099Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-22026 (GCVE-0-2026-22026)
Vulnerability from nvd – Published: 2026-01-10 00:22 – Updated: 2026-01-13 21:47
VLAI?
Title
CryptoLib Unbounded Memory Allocation in KMC HTTP Response Handler Allows Resource Exhaustion
Summary
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, the libcurl write_callback function in the KMC crypto service client allows unbounded memory growth by reallocating response buffers without any size limit or overflow check. A malicious KMC server can return arbitrarily large HTTP responses, forcing the client to allocate excessive memory until the process is terminated by the OS. This issue has been patched in version 1.4.3.
Severity ?
CWE
- CWE-789 - Memory Allocation with Excessive Size Value
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-22026",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-13T21:47:49.912729Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-13T21:47:52.666Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/nasa/CryptoLib/security/advisories/GHSA-w9cm-q69w-34x7"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CryptoLib",
"vendor": "nasa",
"versions": [
{
"status": "affected",
"version": "\u003c 1.4.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, the libcurl write_callback function in the KMC crypto service client allows unbounded memory growth by reallocating response buffers without any size limit or overflow check. A malicious KMC server can return arbitrarily large HTTP responses, forcing the client to allocate excessive memory until the process is terminated by the OS. This issue has been patched in version 1.4.3."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-789",
"description": "CWE-789: Memory Allocation with Excessive Size Value",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-10T00:22:35.480Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/nasa/CryptoLib/security/advisories/GHSA-w9cm-q69w-34x7",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nasa/CryptoLib/security/advisories/GHSA-w9cm-q69w-34x7"
},
{
"name": "https://github.com/nasa/CryptoLib/commit/2372efd3da1ccb226b4297222e25f41ecc84821d",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nasa/CryptoLib/commit/2372efd3da1ccb226b4297222e25f41ecc84821d"
},
{
"name": "https://github.com/nasa/CryptoLib/releases/tag/v1.4.3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nasa/CryptoLib/releases/tag/v1.4.3"
}
],
"source": {
"advisory": "GHSA-w9cm-q69w-34x7",
"discovery": "UNKNOWN"
},
"title": "CryptoLib Unbounded Memory Allocation in KMC HTTP Response Handler Allows Resource Exhaustion"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-22026",
"datePublished": "2026-01-10T00:22:35.480Z",
"dateReserved": "2026-01-05T22:30:38.718Z",
"dateUpdated": "2026-01-13T21:47:52.666Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-22025 (GCVE-0-2026-22025)
Vulnerability from nvd – Published: 2026-01-10 00:20 – Updated: 2026-01-13 20:19
VLAI?
Title
CryptoLib Memory Leak on HTTP Error Response in KMC Client
Summary
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, when the KMC server returns a non-200 HTTP status code, cryptography_encrypt() and cryptography_decrypt() return immediately without freeing previously allocated buffers. Each failed request leaks approximately 467 bytes. Repeated failures (from a malicious server or network issues) can gradually exhaust memory. This issue has been patched in version 1.4.3.
Severity ?
CWE
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-22025",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-13T20:18:57.347847Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-13T20:19:08.707Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/nasa/CryptoLib/security/advisories/GHSA-h74x-vwwr-mm5g"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CryptoLib",
"vendor": "nasa",
"versions": [
{
"status": "affected",
"version": "\u003c 1.4.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, when the KMC server returns a non-200 HTTP status code, cryptography_encrypt() and cryptography_decrypt() return immediately without freeing previously allocated buffers. Each failed request leaks approximately 467 bytes. Repeated failures (from a malicious server or network issues) can gradually exhaust memory. This issue has been patched in version 1.4.3."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "CWE-401: Missing Release of Memory after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770: Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-10T00:20:59.338Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/nasa/CryptoLib/security/advisories/GHSA-h74x-vwwr-mm5g",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nasa/CryptoLib/security/advisories/GHSA-h74x-vwwr-mm5g"
},
{
"name": "https://github.com/nasa/CryptoLib/commit/2372efd3da1ccb226b4297222e25f41ecc84821d",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nasa/CryptoLib/commit/2372efd3da1ccb226b4297222e25f41ecc84821d"
},
{
"name": "https://github.com/nasa/CryptoLib/releases/tag/v1.4.3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nasa/CryptoLib/releases/tag/v1.4.3"
}
],
"source": {
"advisory": "GHSA-h74x-vwwr-mm5g",
"discovery": "UNKNOWN"
},
"title": "CryptoLib Memory Leak on HTTP Error Response in KMC Client"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-22025",
"datePublished": "2026-01-10T00:20:59.338Z",
"dateReserved": "2026-01-05T22:30:38.718Z",
"dateUpdated": "2026-01-13T20:19:08.707Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-22024 (GCVE-0-2026-22024)
Vulnerability from nvd – Published: 2026-01-10 00:19 – Updated: 2026-01-13 20:08
VLAI?
Title
CryptoLib Memory Leak in KMC Encrypt Function Leads to Resource Exhaustion
Summary
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, the cryptography_encrypt() function allocates multiple buffers for HTTP requests and JSON parsing that are never freed on any code path. Each call leaks approximately 400 bytes of memory. Sustained traffic can gradually exhaust available memory. This issue has been patched in version 1.4.3.
Severity ?
CWE
- CWE-401 - Missing Release of Memory after Effective Lifetime
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-22024",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-13T20:08:52.707534Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-13T20:08:55.439Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/nasa/CryptoLib/security/advisories/GHSA-r3wg-g8xv-gxvf"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CryptoLib",
"vendor": "nasa",
"versions": [
{
"status": "affected",
"version": "\u003c 1.4.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, the cryptography_encrypt() function allocates multiple buffers for HTTP requests and JSON parsing that are never freed on any code path. Each call leaks approximately 400 bytes of memory. Sustained traffic can gradually exhaust available memory. This issue has been patched in version 1.4.3."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "CWE-401: Missing Release of Memory after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-10T00:19:16.006Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/nasa/CryptoLib/security/advisories/GHSA-r3wg-g8xv-gxvf",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nasa/CryptoLib/security/advisories/GHSA-r3wg-g8xv-gxvf"
},
{
"name": "https://github.com/nasa/CryptoLib/commit/2372efd3da1ccb226b4297222e25f41ecc84821d",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nasa/CryptoLib/commit/2372efd3da1ccb226b4297222e25f41ecc84821d"
},
{
"name": "https://github.com/nasa/CryptoLib/releases/tag/v1.4.3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nasa/CryptoLib/releases/tag/v1.4.3"
}
],
"source": {
"advisory": "GHSA-r3wg-g8xv-gxvf",
"discovery": "UNKNOWN"
},
"title": "CryptoLib Memory Leak in KMC Encrypt Function Leads to Resource Exhaustion"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-22024",
"datePublished": "2026-01-10T00:19:16.006Z",
"dateReserved": "2026-01-05T22:30:38.718Z",
"dateUpdated": "2026-01-13T20:08:55.439Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-22023 (GCVE-0-2026-22023)
Vulnerability from nvd – Published: 2026-01-10 00:17 – Updated: 2026-01-13 17:17
VLAI?
Title
CryptoLib Has Out-of-Bounds Read in KMC AEAD Encrypt Metadata Parsing via Flawed strtok Pattern
Summary
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, there is an out-of-bounds heap read vulnerability in cryptography_aead_encrypt(). This issue has been patched in version 1.4.3.
Severity ?
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-22023",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-13T17:17:35.907425Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-13T17:17:39.426Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/nasa/CryptoLib/security/advisories/GHSA-8w3h-q8jm-3chq"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CryptoLib",
"vendor": "nasa",
"versions": [
{
"status": "affected",
"version": "\u003c 1.4.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, there is an out-of-bounds heap read vulnerability in cryptography_aead_encrypt(). This issue has been patched in version 1.4.3."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-10T00:17:03.148Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/nasa/CryptoLib/security/advisories/GHSA-8w3h-q8jm-3chq",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nasa/CryptoLib/security/advisories/GHSA-8w3h-q8jm-3chq"
},
{
"name": "https://github.com/nasa/CryptoLib/commit/2372efd3da1ccb226b4297222e25f41ecc84821d",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nasa/CryptoLib/commit/2372efd3da1ccb226b4297222e25f41ecc84821d"
},
{
"name": "https://github.com/nasa/CryptoLib/releases/tag/v1.4.3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nasa/CryptoLib/releases/tag/v1.4.3"
}
],
"source": {
"advisory": "GHSA-8w3h-q8jm-3chq",
"discovery": "UNKNOWN"
},
"title": "CryptoLib Has Out-of-Bounds Read in KMC AEAD Encrypt Metadata Parsing via Flawed strtok Pattern"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-22023",
"datePublished": "2026-01-10T00:17:03.148Z",
"dateReserved": "2026-01-05T22:30:38.717Z",
"dateUpdated": "2026-01-13T17:17:39.426Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-21900 (GCVE-0-2026-21900)
Vulnerability from nvd – Published: 2026-01-10 00:14 – Updated: 2026-01-13 17:16
VLAI?
Title
CryptoLib Has Out-of-Bounds Read in KMC Encrypt Metadata Parsing via Flawed strtok Pattern
Summary
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, an out-of-bounds heap read vulnerability in cryptography_encrypt() occurs when parsing JSON metadata from KMC server responses. The flawed strtok iteration pattern uses ptr + strlen(ptr) + 1 which reads one byte past allocated buffer boundaries when processing short or malformed metadata strings. This issue has been patched in version 1.4.3.
Severity ?
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-21900",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-13T17:16:31.457731Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-13T17:16:34.273Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/nasa/CryptoLib/security/advisories/GHSA-4g6v-36fv-qcvw"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CryptoLib",
"vendor": "nasa",
"versions": [
{
"status": "affected",
"version": "\u003c 1.4.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, an out-of-bounds heap read vulnerability in cryptography_encrypt() occurs when parsing JSON metadata from KMC server responses. The flawed strtok iteration pattern uses ptr + strlen(ptr) + 1 which reads one byte past allocated buffer boundaries when processing short or malformed metadata strings. This issue has been patched in version 1.4.3."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-10T00:14:33.782Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/nasa/CryptoLib/security/advisories/GHSA-4g6v-36fv-qcvw",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nasa/CryptoLib/security/advisories/GHSA-4g6v-36fv-qcvw"
},
{
"name": "https://github.com/nasa/CryptoLib/commit/2372efd3da1ccb226b4297222e25f41ecc84821d",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nasa/CryptoLib/commit/2372efd3da1ccb226b4297222e25f41ecc84821d"
},
{
"name": "https://github.com/nasa/CryptoLib/releases/tag/v1.4.3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nasa/CryptoLib/releases/tag/v1.4.3"
}
],
"source": {
"advisory": "GHSA-4g6v-36fv-qcvw",
"discovery": "UNKNOWN"
},
"title": "CryptoLib Has Out-of-Bounds Read in KMC Encrypt Metadata Parsing via Flawed strtok Pattern"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-21900",
"datePublished": "2026-01-10T00:14:33.782Z",
"dateReserved": "2026-01-05T17:24:36.931Z",
"dateUpdated": "2026-01-13T17:16:34.273Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-21899 (GCVE-0-2026-21899)
Vulnerability from nvd – Published: 2026-01-10 00:11 – Updated: 2026-01-12 20:23
VLAI?
Title
CryptoLib has an out-of-bounds read and crash vulnerability when decoding an empty Base64url string
Summary
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, in base64urlDecode, padding-stripping dereferences input[inputLen - 1] before checking that inputLen > 0 or that input != NULL. For inputLen == 0, this becomes an OOB read at input[-1], potentially crashing the process. If input == NULL and inputLen == 0, it dereferences NULL - 1. This issue has been patched in version 1.4.3.
Severity ?
4.7 (Medium)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-21899",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-12T20:22:54.955002Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-12T20:23:08.304Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CryptoLib",
"vendor": "nasa",
"versions": [
{
"status": "affected",
"version": "\u003c 1.4.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, in base64urlDecode, padding-stripping dereferences input[inputLen - 1] before checking that inputLen \u003e 0 or that input != NULL. For inputLen == 0, this becomes an OOB read at input[-1], potentially crashing the process. If input == NULL and inputLen == 0, it dereferences NULL - 1. This issue has been patched in version 1.4.3."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-10T00:11:18.877Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/nasa/CryptoLib/security/advisories/GHSA-wc29-5hw7-mpj8",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nasa/CryptoLib/security/advisories/GHSA-wc29-5hw7-mpj8"
},
{
"name": "https://github.com/nasa/CryptoLib/releases/tag/v1.4.3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nasa/CryptoLib/releases/tag/v1.4.3"
}
],
"source": {
"advisory": "GHSA-wc29-5hw7-mpj8",
"discovery": "UNKNOWN"
},
"title": "CryptoLib has an out-of-bounds read and crash vulnerability when decoding an empty Base64url string"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-21899",
"datePublished": "2026-01-10T00:11:18.877Z",
"dateReserved": "2026-01-05T17:24:36.931Z",
"dateUpdated": "2026-01-12T20:23:08.304Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-21898 (GCVE-0-2026-21898)
Vulnerability from nvd – Published: 2026-01-10 00:10 – Updated: 2026-01-12 20:22
VLAI?
Title
CryptoLib Has Out-of-bounds Read in Crypto_AOS_ProcessSecurity
Summary
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, the Crypto_AOS_ProcessSecurity function reads memory without valid bounds checking when parsing AOS frame hashes. This issue has been patched in version 1.4.3.
Severity ?
8.2 (High)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-21898",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-12T20:22:02.691151Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-12T20:22:05.827Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/nasa/CryptoLib/security/advisories/GHSA-7ch6-2pmg-m853"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CryptoLib",
"vendor": "nasa",
"versions": [
{
"status": "affected",
"version": "\u003c 1.4.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, the Crypto_AOS_ProcessSecurity function reads memory without valid bounds checking when parsing AOS frame hashes. This issue has been patched in version 1.4.3."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-10T00:10:29.925Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/nasa/CryptoLib/security/advisories/GHSA-7ch6-2pmg-m853",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nasa/CryptoLib/security/advisories/GHSA-7ch6-2pmg-m853"
},
{
"name": "https://github.com/nasa/CryptoLib/releases/tag/v1.4.3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nasa/CryptoLib/releases/tag/v1.4.3"
}
],
"source": {
"advisory": "GHSA-7ch6-2pmg-m853",
"discovery": "UNKNOWN"
},
"title": "CryptoLib Has Out-of-bounds Read in Crypto_AOS_ProcessSecurity"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-21898",
"datePublished": "2026-01-10T00:10:29.925Z",
"dateReserved": "2026-01-05T17:24:36.931Z",
"dateUpdated": "2026-01-12T20:22:05.827Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-21897 (GCVE-0-2026-21897)
Vulnerability from nvd – Published: 2026-01-10 00:07 – Updated: 2026-01-12 20:21
VLAI?
Title
CryptoLib Has Out-of-Bounds Write in Crypto_Config_Add_Gvcid_Managed_Parameters
Summary
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, the Crypto_Config_Add_Gvcid_Managed_Parameters function only checks whether gvcid_counter > GVCID_MAN_PARAM_SIZE. As a result, it allows up to the 251st entry, which causes a write past the end of the array, overwriting gvcid_counter located immediately after gvcid_managed_parameters_array[250]. This leads to an out-of-bounds write, and the overwritten gvcid_counter may become an arbitrary value, potentially affecting the parameter lookup/registration logic that relies on it. This issue has been patched in version 1.4.3.
Severity ?
7.3 (High)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-21897",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-12T20:21:14.781089Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-12T20:21:22.735Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CryptoLib",
"vendor": "nasa",
"versions": [
{
"status": "affected",
"version": "\u003c 1.4.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, the Crypto_Config_Add_Gvcid_Managed_Parameters function only checks whether gvcid_counter \u003e GVCID_MAN_PARAM_SIZE. As a result, it allows up to the 251st entry, which causes a write past the end of the array, overwriting gvcid_counter located immediately after gvcid_managed_parameters_array[250]. This leads to an out-of-bounds write, and the overwritten gvcid_counter may become an arbitrary value, potentially affecting the parameter lookup/registration logic that relies on it. This issue has been patched in version 1.4.3."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-10T00:07:16.920Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/nasa/CryptoLib/security/advisories/GHSA-9x7j-gx23-7m5r",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nasa/CryptoLib/security/advisories/GHSA-9x7j-gx23-7m5r"
},
{
"name": "https://github.com/nasa/CryptoLib/releases/tag/v1.4.3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nasa/CryptoLib/releases/tag/v1.4.3"
}
],
"source": {
"advisory": "GHSA-9x7j-gx23-7m5r",
"discovery": "UNKNOWN"
},
"title": "CryptoLib Has Out-of-Bounds Write in Crypto_Config_Add_Gvcid_Managed_Parameters"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-21897",
"datePublished": "2026-01-10T00:07:16.920Z",
"dateReserved": "2026-01-05T17:24:36.930Z",
"dateUpdated": "2026-01-12T20:21:22.735Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}