This page lists publicly disclosed CVE vulnerabilities affecting nasa cryptolib (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2026-22697 | CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, CryptoLib’s KMC crypto service integration is vulnerable to a heap buffer overflow when decoding Base64-encoded ciphertext/cleartext fields returned by the KMC service. The decode destination buffer is sized using an expected output length (len_ | [email protected] | 7.5 | 0.45% | 2026-01-09 | 2026-06-17 |
| CVE-2026-22027 | CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, the convert_hexstring_to_byte_array() function in the MariaDB SA interface writes decoded bytes into a caller-provided buffer without any capacity check. When importing SA fields from the database (e.g., IV, ARSN, ABM), a malformed or oversized | [email protected] | 5.7 | 0.21% | 2026-01-09 | 2026-06-17 |
| CVE-2026-22026 | CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, the libcurl write_callback function in the KMC crypto service client allows unbounded memory growth by reallocating response buffers without any size limit or overflow check. A malicious KMC server can return arbitrarily large HTTP responses, fo | [email protected] | 8.2 | 0.54% | 2026-01-09 | 2026-06-17 |
| CVE-2026-22025 | CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, when the KMC server returns a non-200 HTTP status code, cryptography_encrypt() and cryptography_decrypt() return immediately without freeing previously allocated buffers. Each failed request leaks approximately 467 bytes. Repeated failures (from | [email protected] | 6.3 | 0.50% | 2026-01-09 | 2026-06-17 |
| CVE-2026-22024 | CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, the cryptography_encrypt() function allocates multiple buffers for HTTP requests and JSON parsing that are never freed on any code path. Each call leaks approximately 400 bytes of memory. Sustained traffic can gradually exhaust available memory. | [email protected] | 6.3 | 0.43% | 2026-01-09 | 2026-06-17 |
| CVE-2026-22023 | CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, there is an out-of-bounds heap read vulnerability in cryptography_aead_encrypt(). This issue has been patched in version 1.4.3. | [email protected] | 8.2 | 0.53% | 2026-01-09 | 2026-06-17 |
| CVE-2026-21900 | CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, an out-of-bounds heap read vulnerability in cryptography_encrypt() occurs when parsing JSON metadata from KMC server responses. The flawed strtok iteration pattern uses ptr + strlen(ptr) + 1 which reads one byte past allocated buffer boundaries | [email protected] | 8.2 | 0.51% | 2026-01-09 | 2026-06-17 |
| CVE-2026-21899 | CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, in base64urlDecode, padding-stripping dereferences input[inputLen - 1] before checking that inputLen > 0 or that input != NULL. For inputLen == 0, this becomes an OOB read at input[-1], potentially crashing the process. If input == NULL and inpu | [email protected] | 4.7 | 0.32% | 2026-01-09 | 2026-06-17 |
| CVE-2026-21898 | CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, the Crypto_AOS_ProcessSecurity function reads memory without valid bounds checking when parsing AOS frame hashes. This issue has been patched in version 1.4.3. | [email protected] | 8.2 | 0.41% | 2026-01-09 | 2026-06-17 |
| CVE-2026-21897 | CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, the Crypto_Config_Add_Gvcid_Managed_Parameters function only checks whether gvcid_counter > GVCID_MAN_PARAM_SIZE. As a result, it allows up to the 251st entry, which causes a write past the end of the array, overwriting gvcid_counter located imm | [email protected] | 7.3 | 0.26% | 2026-01-09 | 2026-06-17 |
| CVE-2025-64096 | CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to 1.4.2, there is a missing bounds check in Crypto_Key_update() (crypto_key_mgmt.c) which allows a remote attacker to trigger a stack-based buffer overflow by supplying a TLV packet with a spoofed length field. The function calculates the number of keys from an | [email protected] | 8.8 | 0.46% | 2025-10-30 | 2026-06-17 |
| CVE-2025-59534 | CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.2, there is a command Injection vulnerability in initialize_kerberos_keytab_file_login(). The vulnerability exists because the code directly interpolates user-controlled input into a shell command and executes it via system() without any sanitizati | [email protected] | 7.3 | 0.92% | 2025-09-23 | 2026-06-17 |
| CVE-2025-54878 | CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. A heap buffer overflow vulnerability exists in NASA CryptoLib version 1.4.0 and prior in the IV setup logic for telecommand frames. The problem arises from missing bounds checks when copying the Initialization Vector (IV) into a freshly allocated buffer. An attacker ca | [email protected] | 8.6 | 0.36% | 2025-08-11 | 2026-06-17 |
| CVE-2025-46675 | In NASA CryptoLib before 1.3.2, the key state is not checked before use, potentially leading to spacecraft hijacking. | [email protected] | 3.5 | 0.28% | 2025-04-26 | 2026-06-17 |
| CVE-2025-46674 | NASA CryptoLib before 1.3.2 uses Extended Procedures that are a Work in Progress (not intended for use during flight), potentially leading to a keystream oracle. | [email protected] | 3.5 | 0.47% | 2025-04-26 | 2026-06-17 |
| CVE-2025-46673 | NASA CryptoLib before 1.3.2 does not check whether the SA is in an operational state before use, possibly leading to a bypass of the Space Data Link Security protocol (SDLS). | [email protected] | 4.9 | 0.39% | 2025-04-26 | 2026-06-17 |
| CVE-2025-46672 | NASA CryptoLib before 1.3.2 does not check the OTAR crypto function returned status, potentially leading to spacecraft hijacking. | [email protected] | 3.5 | 0.37% | 2025-04-26 | 2026-06-17 |
| CVE-2025-30356 | CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. In 1.3.3 and earlier, a heap buffer overflow vulnerability persists in the Crypto_TC_ApplySecurity function due to an incomplete validation check on the fl (frame length) field. Although CVE-2025-29912 addressed an underflow issue involving fl, the patch fails to fully | [email protected] | 9.3 | 0.58% | 2025-04-01 | 2026-06-17 |
| CVE-2025-30216 | CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. In versions 1.3.3 and prior, a Heap Overflow vulnerability occurs in the `Crypto_TM_ProcessSecurity` function (`crypto_tm.c:1735:8`). When processing the Secondary Header Length of a TM protocol packet, if the Secondary Header Length exceeds the packet's total length, | [email protected] | 9.4 | 2.37% | 2025-03-25 | 2026-06-17 |
| CVE-2025-29913 | CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. A critical heap buffer overflow vulnerability was identified in the `Crypto_TC_Prep_AAD` function of CryptoLib versions 1.3.3 and prior. This vulnerability allows an attacker to trigger a Denial of Service (DoS) or potentially execute arbitrary code (RCE) by providing | [email protected] | 8.9 | 0.66% | 2025-03-17 | 2026-06-17 |