{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-30216", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2025-03-18T18:15:13.850Z", "datePublished": "2025-03-25T19:22:22.645Z", "dateUpdated": "2025-03-25T19:37:44.551Z"}, "containers": {"cna": {"title": "CryptoLib Has Heap Overflow in Crypto_TM_ProcessSecurity due to Unchecked Secondary Header Length", "problemTypes": [{"descriptions": [{"cweId": "CWE-122", "lang": "en", "description": "CWE-122: Heap-based Buffer Overflow", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.4, "baseSeverity": "CRITICAL", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/nasa/CryptoLib/security/advisories/GHSA-v3jc-5j74-hcjv", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/nasa/CryptoLib/security/advisories/GHSA-v3jc-5j74-hcjv"}, {"name": "https://github.com/nasa/CryptoLib/commit/810fd66d592c883125272fef123c3240db2f170f", "tags": ["x_refsource_MISC"], "url": "https://github.com/nasa/CryptoLib/commit/810fd66d592c883125272fef123c3240db2f170f"}, {"name": "https://github.com/user-attachments/assets/d49cea04-ce84-4d60-bb3a-987e843f09c4", "tags": ["x_refsource_MISC"], "url": "https://github.com/user-attachments/assets/d49cea04-ce84-4d60-bb3a-987e843f09c4"}], "affected": [{"vendor": "nasa", "product": "CryptoLib", "versions": [{"version": "<= 1.3.3", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-03-25T19:22:22.645Z"}, "descriptions": [{"lang": "en", "value": "CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. In versions 1.3.3 and prior, a Heap Overflow vulnerability occurs in the `Crypto_TM_ProcessSecurity` function (`crypto_tm.c:1735:8`). When processing the Secondary Header Length of a TM protocol packet, if the Secondary Header Length exceeds the packet's total length, a heap overflow is triggered during the memcpy operation that copies packet data into the dynamically allocated buffer `p_new_dec_frame`. This allows an attacker to overwrite adjacent heap memory, potentially leading to arbitrary code execution or system instability. A patch is available at commit 810fd66d592c883125272fef123c3240db2f170f."}], "source": {"advisory": "GHSA-v3jc-5j74-hcjv", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-03-25T19:37:16.643373Z", "id": "CVE-2025-30216", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-25T19:37:44.551Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-30216", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-03-25T19:37:16.643373Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-25T19:37:27.858Z"}}], "cna": {"title": "CryptoLib Has Heap Overflow in Crypto_TM_ProcessSecurity due to Unchecked Secondary Header Length", "source": {"advisory": "GHSA-v3jc-5j74-hcjv", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.4, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "nasa", "product": "CryptoLib", "versions": [{"status": "affected", "version": "<= 1.3.3"}]}], "references": [{"url": "https://github.com/nasa/CryptoLib/security/advisories/GHSA-v3jc-5j74-hcjv", "name": "https://github.com/nasa/CryptoLib/security/advisories/GHSA-v3jc-5j74-hcjv", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/nasa/CryptoLib/commit/810fd66d592c883125272fef123c3240db2f170f", "name": "https://github.com/nasa/CryptoLib/commit/810fd66d592c883125272fef123c3240db2f170f", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/user-attachments/assets/d49cea04-ce84-4d60-bb3a-987e843f09c4", "name": "https://github.com/user-attachments/assets/d49cea04-ce84-4d60-bb3a-987e843f09c4", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. In versions 1.3.3 and prior, a Heap Overflow vulnerability occurs in the `Crypto_TM_ProcessSecurity` function (`crypto_tm.c:1735:8`). When processing the Secondary Header Length of a TM protocol packet, if the Secondary Header Length exceeds the packet's total length, a heap overflow is triggered during the memcpy operation that copies packet data into the dynamically allocated buffer `p_new_dec_frame`. This allows an attacker to overwrite adjacent heap memory, potentially leading to arbitrary code execution or system instability. A patch is available at commit 810fd66d592c883125272fef123c3240db2f170f."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-122", "description": "CWE-122: Heap-based Buffer Overflow"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-03-25T19:22:22.645Z"}}}, "cveMetadata": {"cveId": "CVE-2025-30216", "state": "PUBLISHED", "dateUpdated": "2025-03-25T19:37:44.551Z", "dateReserved": "2025-03-18T18:15:13.850Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2025-03-25T19:22:22.645Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nasa:cryptolib:*:*:*:*:*:*:*:*", "matchCriteriaId": "9C930C9B-8C81-459A-AB6D-5F6D85290E1C", "versionEndExcluding": "1.4.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. In versions 1.3.3 and prior, a Heap Overflow vulnerability occurs in the `Crypto_TM_ProcessSecurity` function (`crypto_tm.c:1735:8`). When processing the Secondary Header Length of a TM protocol packet, if the Secondary Header Length exceeds the packet's total length, a heap overflow is triggered during the memcpy operation that copies packet data into the dynamically allocated buffer `p_new_dec_frame`. This allows an attacker to overwrite adjacent heap memory, potentially leading to arbitrary code execution or system instability. A patch is available at commit 810fd66d592c883125272fef123c3240db2f170f."}, {"lang": "es", "value": "CryptoLib ofrece una soluci\u00f3n exclusivamente de software que utiliza el Protocolo de Seguridad de Enlace de Datos Espaciales CCSDS - Procedimientos Extendidos (SDLS-EP) para proteger las comunicaciones entre una nave espacial que ejecuta el Sistema de Vuelo (cFS) y una estaci\u00f3n terrestre. En las versiones 1.3.3 y anteriores, se produce una vulnerabilidad de desbordamiento de pila en la funci\u00f3n `Crypto_TM_ProcessSecurity` (`crypto_tm.c:1735:8`). Al procesar la longitud de la cabecera secundaria de un paquete del protocolo TM, si esta supera la longitud total del paquete, se produce un desbordamiento de pila durante la operaci\u00f3n memcpy, que copia los datos del paquete en el b\u00fafer asignado din\u00e1micamente `p_new_dec_frame`. Esto permite a un atacante sobrescribir la memoria de pila adyacente, lo que podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo arbitrario o la inestabilidad del sistema. Hay un parche disponible en el commit 810fd66d592c883125272fef123c3240db2f170f."}], "id": "CVE-2025-30216", "lastModified": "2025-05-06T19:34:21.847", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.4, "baseSeverity": "CRITICAL", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.5, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-03-25T20:15:22.567", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/nasa/CryptoLib/commit/810fd66d592c883125272fef123c3240db2f170f"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/nasa/CryptoLib/security/advisories/GHSA-v3jc-5j74-hcjv"}, {"source": "security-advisories@github.com", "tags": ["Broken Link"], "url": "https://github.com/user-attachments/assets/d49cea04-ce84-4d60-bb3a-987e843f09c4"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-122"}], "source": "security-advisories@github.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}