Description
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, the Crypto_Config_Add_Gvcid_Managed_Parameters function only checks whether gvcid_counter > GVCID_MAN_PARAM_SIZE. As a result, it allows up to the 251st entry, which causes a write past the end of the array, overwriting gvcid_counter located immediately after gvcid_managed_parameters_array[250]. This leads to an out-of-bounds write, and the overwritten gvcid_counter may become an arbitrary value, potentially affecting the parameter lookup/registration logic that relies on it. This issue has been patched in version 1.4.3.
Published: 2026-01-10
Score: 7.3 High
EPSS: < 1% Very Low
KEV: No
Impact: Memory Corruption
Action: Immediate Patch
AI Analysis

Impact

CryptoLib implements a software‑only protection for spacecraft‑ground communication. The vulnerability exists in the Crypto_Config_Add_Gvcid_Managed_Parameters routine which incorrectly allows the gvcid_counter to exceed the array bounds. As a result an out‑of‑bounds write overwrites the counter immediately after the GVCID parameter array. This can corrupt state used for future parameter lookups, potentially permitting an attacker to corrupt configuration data or cause a failure in the registration logic. The weakness is a classic buffer overrun (CWE‑787).

Affected Systems

The affected product is NASA's CryptoLib and applies to all releases earlier than version 1.4.3. Any system that incorporates CryptoLib for the CCSDS Space Data Link Security Protocol – Extended Procedures (SDLS‑EP) is impacted until the code is updated to v1.4.3 or later.

Risk and Exploitability

The CVSS score is 7.3, indicating a moderate‑to‑high risk. EPSS is below 1 %, suggesting low exploitation probability at present, and the vulnerability is not in the CISA KEV list. The attack vector is not explicitly disclosed; the flaw is within a core function and would be triggered by supplying a gvcid_counter larger than the defined limit, likely through a local or privileged execution path. No remote exploit chain is documented, but the memory corruption could lead to denial of service or manipulation of spacecraft‑ground communication parameters if executed with sufficient privileges.

Generated by OpenCVE AI on April 18, 2026 at 07:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade CryptoLib to version 1.4.3 or later as released by NASA.
  • If an upgrade cannot be performed immediately, modify the client code to check that gvcid_counter does not exceed GVCID_MAN_PARAM_SIZE before calling Crypto_Config_Add_Gvcid_Managed_Parameters.
  • Continuously monitor system logs for anomalies related to parameter registration and restrict unauthorized writes to the configuration module.

Generated by OpenCVE AI on April 18, 2026 at 07:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 15 Jan 2026 22:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:nasa:cryptolib:*:*:*:*:*:*:*:*

Mon, 12 Jan 2026 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 12 Jan 2026 14:45:00 +0000

Type Values Removed Values Added
First Time appeared Nasa
Nasa cryptolib
Vendors & Products Nasa
Nasa cryptolib

Sat, 10 Jan 2026 00:45:00 +0000

Type Values Removed Values Added
Description CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, the Crypto_Config_Add_Gvcid_Managed_Parameters function only checks whether gvcid_counter > GVCID_MAN_PARAM_SIZE. As a result, it allows up to the 251st entry, which causes a write past the end of the array, overwriting gvcid_counter located immediately after gvcid_managed_parameters_array[250]. This leads to an out-of-bounds write, and the overwritten gvcid_counter may become an arbitrary value, potentially affecting the parameter lookup/registration logic that relies on it. This issue has been patched in version 1.4.3.
Title CryptoLib Has Out-of-Bounds Write in Crypto_Config_Add_Gvcid_Managed_Parameters
Weaknesses CWE-787
References
Metrics cvssV3_1

{'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L'}

Subscriptions

Nasa Cryptolib
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-01-12T20:21:22.735Z

Reserved: 2026-01-05T17:24:36.930Z

Link: CVE-2026-21897

cve-icon Vulnrichment

Updated: 2026-01-12T20:21:19.132Z

cve-icon NVD

Status : Analyzed

Published: 2026-01-10T01:16:17.053

Modified: 2026-01-15T21:48:26.340

Link: CVE-2026-21897

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T07:30:36Z

Weaknesses